The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746 - Exploit, Third Party Advisory |
Information
Published : 2023-04-10 14:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1426
Mitre link : CVE-2023-1426
CVE.ORG link : CVE-2023-1426
JSON object : View
Products Affected
keetrax
- wp_tiles
CWE