6.5
CVE-2024-8483
- EPSS 0.58%
- Veröffentlicht 25.09.2024 03:15:04
- Zuletzt bearbeitet 02.10.2024 16:42:30
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginMAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.
Mögliche Gegenmaßnahme
MAS Static Content: Update to version 1.0.9, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
MAS Static Content
Version
*-1.0.8
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Madrasthemes ≫ Mas Static Content SwPlatformwordpress Version < 1.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.683 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.