Unauthenticated Attackers Can Access Limited Information from Password Protected Posts
CVE-2024-3678

Currently unrated

Key Information:

Vendor: Wordpress
Status: Blog2social
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-3678?

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3069574/blog...

https://plugins.trac.wordpress.org/changeset/3074883/blog...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024

Wordpress

What is CVE-2024-3678?

References

Timeline