CVE-2024-11154

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 20, 2024

Updated: Nov 21, 2024

CWE ID 862

Summary

CVE-2024-11154 is a vulnerability affecting the PublishPress Revisions plugin for WordPress. This issue allows authenticated attackers, with Subscriber-level access and above, to extract sensitive data through the 'actAjaxRevisionDiffs' function. The vulnerability results in the exposure of revisions of posts and pages, posing a risk to confidential information. Versions of the plugin up to and including 3.5.15 are impacted. Users are advised to update to the latest version or consider alternative plugins to mitigate this exposure of sensitive data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0tIgdQ
https://www.cve.org/CVERecord?id=CVE-2024-11154
https://nvd.nist.gov/vuln/detail/CVE-2024-11154

Back to Vulnerability Database

CVE-2024-11154

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations