CVE-2024-8483

The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.
Configurations

Configuration 1 (hide)

cpe:2.3:a:madrasthemes:mas_static_content:*:*:*:*:*:wordpress:*:*

History

02 Oct 2024, 16:42

Type Values Removed Values Added
First Time Madrasthemes mas Static Content
Madrasthemes
CPE cpe:2.3:a:madrasthemes:mas_static_content:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/browser/mas-static-content/tags/1.0.8/includes/class-mas-static-content-shortcodes.php#L35 - () https://plugins.trac.wordpress.org/browser/mas-static-content/tags/1.0.8/includes/class-mas-static-content-shortcodes.php#L35 - Product
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3151679%40mas-static-content&new=3151679%40mas-static-content&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3151679%40mas-static-content&new=3151679%40mas-static-content&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/794bc5cd-c9ac-4583-ae3d-a92361374b5f?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/794bc5cd-c9ac-4583-ae3d-a92361374b5f?source=cve - Third Party Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento MAS Static Content para WordPress es vulnerable a la exposición de información en todas las versiones hasta la 1.0.8 incluida a través de la función static_content(). Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan información potencialmente confidencial de páginas de contenido estático privadas.

25 Sep 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 03:15

Updated : 2024-10-02 16:42


NVD link : CVE-2024-8483

Mitre link : CVE-2024-8483

CVE.ORG link : CVE-2024-8483


JSON object : View

Products Affected

madrasthemes

  • mas_static_content
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor