The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2023-04-10 14:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1426
Mitre link : CVE-2023-1426
CVE.ORG link : CVE-2023-1426
JSON object : View
Products Affected
keetrax
- wp_tiles
CWE