CVE-2024-0680

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 28, 2024

Summary

CVE-2024-0680 is a vulnerability affecting the WP Private Content Plus plugin for WordPress. In versions 3.6 and below, there is a flaw that allows unauthenticated attackers to access protected posts through the REST API. The plugin fails to adequately restrict post access, leading to information disclosure. This issue poses a risk to the privacy and security of WordPress sites using the WP Private Content Plus plugin. Users are advised to update to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uMN5jl
https://www.cve.org/CVERecord?id=CVE-2024-0680
https://nvd.nist.gov/vuln/detail/CVE-2024-0680

Back to Vulnerability Database

CVE-2024-0680

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations