CVE-2024-10802

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 13, 2024

CWE ID 862

Summary

CVE-2024-10802 is a vulnerability affecting the Hash Elements plugin for WordPress. The issue lies in the hash_elements_get_posts_title_by_id() function, which lacks proper capability checks. As a result, unauthenticated attackers can exploit this flaw to access draft post titles that should be restricted from unauthenticated users. This vulnerability poses a significant risk, as it allows unauthorized access to sensitive information. To mitigate this risk, it is recommended that users upgrade to the latest version of the Hash Elements plugin, which should address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0Mtm3z
https://www.cve.org/CVERecord?id=CVE-2024-10802
https://nvd.nist.gov/vuln/detail/CVE-2024-10802

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-10802

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations