CVE-2023-1371

Exploit

EPSS 0.22%
Veröffentlicht 17.04.2023 13:15:38
Zuletzt bearbeitet 06.02.2025 16:15:32
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

W4 Post List <= 2.4.5 - Information Disclosure via post_excerpt

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them

Mögliche Gegenmaßnahme

W4 Post List: Update to version 2.4.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt W4 Post List

Version * - 2.4.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

W4 Post List Project ≫ W4 Post List SwPlatformwordpress Version < 2.4.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.447

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/ad5c167e-77f7-453c-9443-df6e07705d89

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac7408d-8ec7-415b-bf52-024182888cb4

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1371

EUVD