PT-2024-37257 · WordPress · Page/Post Clone

Bassem Essam · Published 2024-06-29 · Updated 2024-07-09 · CVE-2024-5942

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Page and Post Clone plugin for WordPress versions up to, and including, 6.0
Description: The issue allows authenticated attackers with Author-level access and above to clone and read private posts due to missing validation on a user-controlled key in the content clone function. This enables them to access sensitive information they should not have access to.
Recommendations: For versions up to, and including, 6.0, consider disabling the content clone function until a patch is available to prevent exploitation. Restrict access to private posts and limit user privileges to minimize the risk of unauthorized access.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2024-5942

Affected Products

Page/Post Clone