5.3
CVE-2024-0839
- EPSS 0.25%
- Veröffentlicht 13.03.2024 16:15:14
- Zuletzt bearbeitet 11.03.2025 13:25:38
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
FeedWordPress <= 2022.0222 - Insecure Direct Object Referece
The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.
Mögliche Gegenmaßnahme
FeedWordPress: Update to version 2024.0428, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
FeedWordPress
Version
*-2022.0222
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Feedwordpress Project ≫ Feedwordpress SwPlatformwordpress Version < 2024.0428
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.478 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.