The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to expose private, pending, trashed, and draft post titles. Successful exploitation requires the Elementor plugin to be installed and activated.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/3156405/sight | Patch |
https://www.wordfence.com/threat-intel/vulnerabilities/id/f889342e-03fb-44eb-b5cb-acf115a526c3?source=cve | Third Party Advisory |
Configurations
History
01 Oct 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/changeset/3156405/sight - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/f889342e-03fb-44eb-b5cb-acf115a526c3?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:codesupply:sight:*:*:*:*:*:wordpress:*:* | |
First Time | Codesupply, Codesupply sight |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
26 Sep 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-26 09:15
Updated : 2024-10-01 13:44
NVD link : CVE-2024-9025
Mitre link : CVE-2024-9025
CVE.ORG link : CVE-2024-9025
Products Affected
codesupply
- sight
CWE
CWE-862
Missing Authorization