CVE-2024-11089

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 21, 2024
CWE ID 200
CWE ID 276

Summary

CVE-2024-11089 is a vulnerability affecting the Anonymous Restricted Content plugin for WordPress. In versions up to and including 1.6.5, this plugin fails to adequately protect sensitive information. Unauthenticated attackers can exploit this weakness through the WordPress core search feature, providing them access to restricted data in posts that are intended for logged-in users only. This issue poses a significant risk, as sensitive information may include personal details, passwords, or other confidential data. Users are strongly urged to update the plugin to a patched version to mitigate this exposure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share