Sensitive Information Exposure Vulnerability in WP Private Content Plus
CVE-2024-11292

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
WP Private Content Plus
Vendor
CVE Published:
6 December 2024

Summary

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Affected Version(s)

WP Private Content Plus * <= 3.6.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/wp-private-content-plus/

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Francesco Carlucci
.