7.5
CVE-2024-0909
- EPSS 0.47%
- Veröffentlicht 03.02.2024 06:15:48
- Zuletzt bearbeitet 16.07.2025 13:23:29
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAnonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.
Mögliche Gegenmaßnahme
Anonymous Restricted Content: Update to version 1.6.3, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Anonymous Restricted Content
Version
*-1.6.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cayenne ≫ Anonymous Restricted Content SwPlatformwordpress Version <= 1.6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.635 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|