CVE-2024-10667

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 9, 2024
Updated: Nov 12, 2024
CWE ID 639

Summary

CVE-2024-10667 is an information exposure vulnerability in the Content Slider Block plugin for WordPress. In versions up to 3.1.5, authenticated attackers with Contributor-level access or higher can extract data from password-protected, private, or draft posts that they should not have access to. The cause is insufficient restrictions on which posts can be included using the [csb] shortcode. Because this exposes content that is meant to stay restricted, WordPress users should upgrade to the latest version or temporarily remove the plugin until a patch is available.
