CVE-2024-9025

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 26, 2024
CWE ID 862

Summary

CVE-2024-9025 is a missing-authorization vulnerability (CWE-862) in the Sight – Professional Image Gallery and Portfolio plugin for WordPress, affecting all versions up to and including 1.1.2. The plugin's 'handler_post_title' function performs no capability check before returning a post's title, so an unauthenticated attacker can retrieve the titles of private, pending, trashed, and draft posts; the issue is reachable in particular when the Elementor plugin is also installed and activated. The CVSS 3.1 base score is 5.3 (medium) with an exploitability sub-score of 3.9: the flaw is reachable over the network, needs no privileges and no user interaction, and is low in complexity, while the impact is confined to confidentiality (post titles only), with no integrity or availability effect. Site owners should update the plugin to a version later than 1.1.2 as soon as possible. Until the update is applied, the exposure is the confidentiality of unpublished post titles, which can be sensitive in their own right and which also let an attacker enumerate content that the site has not yet made public.
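The pattern behind this class of bug, as an added illustration that is not the Sight plugin's code: a WordPress AJAX handler registered for logged-out visitors that looks up a post by ID and returns its title without asking whether the caller may see that post, followed by a hardened version. All function, action and parameter names (example_post_title, post_id, nonce) are assumptions for the example; only the WordPress core functions (get_post, current_user_can, check_ajax_referer, wp_send_json_*) are real.

```php
<?php
// Added illustrative example; NOT the Sight plugin's actual code.
// Handler names, action names and the 'post_id'/'nonce' parameters are assumptions.
// Assumes execution inside WordPress, where the core functions used below exist.

// --- Vulnerable pattern (CWE-862, missing authorization) ---
function example_handler_post_title_vulnerable() {
    $post_id = isset($_POST['post_id']) ? (int) $_POST['post_id'] : 0;
    // get_post() returns draft, pending, private and trashed posts as well as published ones.
    $post = get_post($post_id);
    if (!$post) {
        wp_send_json_error('not found', 404);
    }
    // No nonce and no capability check: any caller learns the title of any post.
    wp_send_json_success(array('title' => $post->post_title));
}
// wp_ajax_nopriv_* makes the handler reachable via admin-ajax.php without logging in.
add_action('wp_ajax_example_post_title',        'example_handler_post_title_vulnerable');
add_action('wp_ajax_nopriv_example_post_title', 'example_handler_post_title_vulnerable');

// --- Hardened form ---
function example_handler_post_title_fixed() {
    // 1. CSRF protection: the request must carry a nonce issued for this action.
    //    check_ajax_referer() dies with HTTP 403 if the nonce is missing or invalid.
    check_ajax_referer('example_post_title', 'nonce');

    $post_id = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
    $post = get_post($post_id);
    if (!$post) {
        wp_send_json_error('not found', 404);
    }

    // 2. Authorization: a published post's title is public anyway; anything else
    //    (draft, pending, private, trash) requires the caller to be allowed to edit
    //    that specific post. current_user_can() returns false for logged-out callers.
    if ($post->post_status !== 'publish' && !current_user_can('edit_post', $post_id)) {
        wp_send_json_error('forbidden', 403);
    }

    wp_send_json_success(array('title' => $post->post_title));
}
// Keeping the nopriv hook is acceptable only because the status check above
// stops unpublished titles from reaching anonymous callers.
add_action('wp_ajax_example_post_title_fixed',        'example_handler_post_title_fixed');
add_action('wp_ajax_nopriv_example_post_title_fixed', 'example_handler_post_title_fixed');
```

The status check is the part that closes this CVE's information leak; the nonce check is a separate, cheaper fix for CSRF and does not by itself prevent disclosure, since an attacker can obtain a logged-out nonce from the page that issues it. When reviewing a plugin for this bug class, look for every wp_ajax_nopriv_ registration and confirm that its handler checks post status or a capability before returning post data.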
