CVE-2023-1371

Published Apr 17, 2023

Last updated a year ago

Overview

Description: The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them
Source: contact@wpscan.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:w4_post_list_project:w4_post_list:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9309060D-157E-4848-9251-82EA10EEB921",
            "versionEndExcluding": "2.4.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References