6.5

CVE-2023-1426

Exploit

WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure

WP Tiles <= 1.1.2 - Authenticated(Subscriber+) Sensitive Information Exposure

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.
Mögliche Gegenmaßnahme
WP Tiles: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KeetraxWp Tiles SwPlatformwordpress Version <= 1.1.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WP Tiles
Version *-1.1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.516
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/efaef405-9721-4fb6-bcb4-4bd4f78742fd
Third Party Advisory