CVE-2024-11297
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Dec 20, 2024
CWE ID 200
CWE ID 203
Summary
CVE-2024-11297 is a vulnerability affecting the Protect WP Pages/Post plugin for WordPress in versions up to 1.3.6. This issue allows unauthenticated attackers to extract sensitive information from restricted posts using the WordPress core search feature, potentially exposing data intended for higher-level roles such as administrators. The vulnerability poses a significant risk to websites running the affected plugin and version, requiring immediate attention and patch application to mitigate the exposure.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share