Sensitive Information Exposure in GenerateBlocks Plugin for WordPress
CVE-2024-1452

4.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Generateblocks
Vendor: CVE Published:; 13 March 2024

What is CVE-2024-1452?

The GenerateBlocks plugin for WordPress exhibits a vulnerability that allows authenticated users with contributor-level access or higher to view sensitive content. This includes access to posts and pages that are in draft status, marked as private, or scheduled for future publication. Exploitation of this vulnerability could lead to unauthorized exposure of unpublished content, undermining user privacy and content integrity.

Affected Version(s)

GenerateBlocks * <= 1.8.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/generateblocks...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Feb 12, 2024

Credit

Craig Smith