CVE-2024-12472

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 11, 2025
CWE ID 639

Summary

CVE-2024-12472 is a newly identified Information Exposure vulnerability in the Post Duplicator plugin for WordPress, affecting all versions up to and including 2.36. The flaw is in the mtphr_duplicate_post() function, which does not sufficiently restrict which posts can be duplicated. As a result, authenticated attackers with Contributor-level access or higher can duplicate password-protected, private, or draft posts that they should not have permission to access, and extract the data those posts contain from the copies.
