PT-2023-16974 · WordPress · Wp Tiles
Erwan Lr · Published 2023-04-10 · Updated 2023-04-14 · CVE-2023-1426
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WP Tiles WordPress plugin versions 1.1.2 and earlier
Description
The issue allows any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts. An attacker could also retrieve the title of any other type of post.
Recommendations
WP Tiles WordPress plugin versions 1.1.2 and earlier do not ensure that posts to be displayed are not draft or private. Update to a version that addresses this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Wp Tiles