CVE-2024-8195

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 28, 2024
CWE ID 862

Summary

CVE-2024-8195 identifies a vulnerability in the Permalink Manager Lite plugin for WordPress, affecting all versions up to 2.4.4, which allows unauthorized access to sensitive data due to a lack of capability checks in specific functions. This vulnerability enables unauthenticated attackers to extract information such as passwords and content from password-protected posts, posing a medium-level risk to organizations utilizing the affected plugin. Remediation involves updating the plugin to the latest version that addresses this issue, thus mitigating the risk of data exposure. The attack vector is classified as network-based, requiring no user interaction or privileges for exploitation. Organizations are advised to assess their use of this plugin and implement appropriate security measures promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share