PT-2024-25121 · WordPress · Easy Custom Auto Excerpt
Krzysztof Zając
·
Published
2024-05-02
·
Updated
2024-05-02
·
CVE-2024-3312
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Easy Custom Auto Excerpt plugin for WordPress versions up to, and including, 2.4.12
Description
The issue allows unauthenticated attackers to obtain excerpts of password-protected posts, potentially exposing sensitive information.
Recommendations
For versions up to, and including, 2.4.12, update to a version newer than 2.4.12 to resolve the issue.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easy Custom Auto Excerpt