PT-2024-18151 · WordPress · Newsmatic
Krzysztof Zając
·
Published
2024-04-09
·
Updated
2025-09-30
·
CVE-2024-1587
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Newsmatic theme for WordPress versions up to, and including, 1.3.0
Description
The issue allows unauthenticated attackers to view draft posts and post content due to Sensitive Information Exposure. This is possible via the
newsmatic filter posts load tab content function.Recommendations
For versions up to, and including, 1.3.0, update to a version that contains a fix for this issue, as the current version allows exposure of sensitive information.
As a temporary workaround, consider disabling the
newsmatic filter posts load tab content function until a patch is available.Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newsmatic