CVE-2024-11297

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 20, 2024

CWE ID 200

CWE ID 203

Summary

CVE-2024-11297 is a newly identified vulnerability affecting the Protect WP Pages/Post plugin for WordPress. This issue allows unauthenticated attackers to extract sensitive information from restricted posts through the WordPress core search feature. The vulnerability is present in all versions up to and including 1.3.6, making it essential for users to update their plugins as soon as possible to mitigate this Sensitive Information Exposure risk. Failure to address this issue could result in attackers gaining unauthorized access to sensitive data intended for higher-level roles, such as administrators.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0lIOzR
https://www.cve.org/CVERecord?id=CVE-2024-11297
https://nvd.nist.gov/vuln/detail/CVE-2024-11297

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

Know What Matters

For Customers

For Partners

CVE-2024-11297

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations