CVE-2024-11282
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-11282 is a Sensitive Information Exposure vulnerability in the Passster plugin for WordPress, affecting unpatched versions up to 4.2.10. The issue lies within the WordPress core search feature, which enables unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles, such as administrators. The vulnerability poses a significant risk because it allows unauthorized access to critical information. WordPress users should apply the necessary patch or upgrade to a secure version of the plugin to mitigate the threat.