CVE-2024-10667
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-10667 is a vulnerability affecting the Content Slider Block plugin for WordPress. This issue, present in versions up to 3.1.5, grants authenticated attackers with Contributor-level access or higher the ability to extract data from password-protected, private, or draft posts that they should not have access to. The vulnerability arises due to insufficient restrictions on which posts can be included using the [csb] shortcode. This information exposure can lead to potential security risks, making it essential for WordPress users to upgrade to the latest version or temporarily remove the plugin until a patch is available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.