PT-2024-17440 · WordPress · Content No Cache

Francesco Carlucci · Published 2024-12-24 · Updated 2024-12-24 · CVE-2024-12103

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Content No Cache: prevent specific content from being cached plugin for WordPress, versions up to and including 0.1.2

Description

The issue allows unauthenticated attackers to extract data from password-protected, private, or draft posts due to insufficient restrictions on which posts can be included via the eos_dyn_get_content action. This makes it possible for attackers to access data they should not have access to.

Recommendations

For versions up to and including 0.1.2, consider disabling the eos_dyn_get_content action until a patch is available, to prevent unauthenticated attackers from extracting sensitive data. Restrict access to password-protected, private, or draft posts to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-12103

Affected Products

Content No Cache