Sensitive Information Exposure in WordPress Page Restriction Plugin
CVE-2024-11297
5.3MEDIUM
Key Information:
- Vendor
- Cyberlord92
- Status
- Page Restriction WordPress (WP) – Protect WP Pages/post
- Vendor
- CVE Published:
- 20 December 2024
Summary
CVE-2024-11297 is a high-risk vulnerability affecting the Page Restriction (WP) – Protect WP Pages/Post plugin for WordPress. This vulnerability allows unauthenticated attackers to exploit the WordPress core search feature to gain unauthorized access to sensitive information in posts that are intended to be restricted to users with higher roles, such as administrators. All versions of the plugin up to and including 1.3.6 are susceptible. Website administrators are strongly advised to update to the latest version of the plugin to mitigate the risk of sensitive data exposure.
Affected Version(s)
Page Restriction WordPress (WP) – Protect WP Pages/Post * <= 1.3.6
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Francesco Carlucci