The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.
References
Configurations
History
08 Feb 2024, 20:07
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve - Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail= - Patch | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail= - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:tarassych:anonymous_restricted_content:*:*:*:*:*:wordpress:*:* | |
First Time |
Tarassych anonymous Restricted Content
Tarassych |
03 Feb 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-03 06:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-0909
Mitre link : CVE-2024-0909
CVE.ORG link : CVE-2024-0909
JSON object : View
Products Affected
tarassych
- anonymous_restricted_content
CWE