CVE-2023-1426

Exploit

EPSS 0.36%
Veröffentlicht 10.04.2023 14:15:09
Zuletzt bearbeitet 11.02.2025 22:15:25
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WP Tiles <= 1.1.2 - Authenticated(Subscriber+) Sensitive Information Exposure

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.

Mögliche Gegenmaßnahme

WP Tiles: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Tiles

Version *-1.1.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Keetrax ≫ Wp Tiles SwPlatformwordpress Version <= 1.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.575

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/fdd79bb4-d434-4635-bb2b-84d079ecc746

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/efaef405-9721-4fb6-bcb4-4bd4f78742fd

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1426

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1426