PT-2024-16561 · WordPress · Hash Elements
Francesco Carlucci · Published 2024-11-12 · Updated 2024-11-13 · CVE-2024-10802
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Hash Elements plugin for WordPress versions up to, and including, 1.4.7
Description
The plugin allows unauthorized access to data because the hash_elements_get_posts_title_by_id() function is missing a capability check. This allows unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.
Recommendations
Update the Hash Elements plugin for WordPress to a version later than 1.4.7 to resolve the issue. As a temporary workaround, consider restricting access to the hash_elements_get_posts_title_by_id() function until a patch is available.
Fix
Missing Authorization
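What a title-lookup AJAX handler looks like with the authorization checks this advisory says were missing, as an added example that is not the Hash Elements plugin's code. The action name example_get_post_titles, the ids and nonce parameters, and the limit of 50 IDs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler, not code from the Hash Elements plugin.
// "example_get_post_titles", "ids" and "nonce" are assumed names.

// Registered for logged-in users only. There is deliberately no
// wp_ajax_nopriv_* hook, so logged-out visitors cannot reach the handler.
add_action( 'wp_ajax_example_get_post_titles', 'example_get_post_titles' );

function example_get_post_titles() {
    // CSRF protection: terminates the request with a 403 if the nonce is bad.
    check_ajax_referer( 'example_get_post_titles', 'nonce' );

    // Coarse capability check: only users who can edit posts may look up titles.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Normalise input to a bounded list of positive integer IDs.
    $raw_ids = isset( $_POST['ids'] ) ? (array) wp_unslash( $_POST['ids'] ) : array();
    $ids     = array_slice( array_filter( array_map( 'absint', $raw_ids ) ), 0, 50 );

    $titles = array();
    foreach ( $ids as $id ) {
        $post = get_post( $id );
        if ( ! $post ) {
            continue;
        }
        // Per-object check: drafts, pending and private posts are returned
        // only to users allowed to read that specific post.
        if ( 'publish' !== $post->post_status && ! current_user_can( 'read_post', $id ) ) {
            continue;
        }
        $titles[ $id ] = get_the_title( $post );
    }

    wp_send_json_success( $titles );
}
```

The per-post check matters even with the capability gate in place: edit_posts alone does not grant the right to read another author's private posts.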
Weakness Enumeration
Related Identifiers
Affected Products
Hash Elements