Overview
- Description: The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 4.3
- Impact score: 1.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
Weaknesses
- security@wordfence.com: CWE-639
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10688 (Published: 2024-11-09) - A high-severity vulnerability in WordPress Attesa Extra plugin. Affected versions are vulnerable to exploitation. Users are urged to update to the latest version to mitigate risks. For more details, check the changeset:… https://t.co/fK
@transilienceai
13 Nov 2024
🚨 CVE-2024-10688 (Published: 2024-11-09) - High severity vulnerability in WordPress. Affects the Attesa Extra plugin. Ensure you're using the latest version to mitigate risks. Check the changeset for details: https://t.co/RBiyFQndFy #WordPress #CVE
@transilienceai
13 Nov 2024
CVE-2024-10688 The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to ins… https://t.co/PivcBkiBYu
@CVEnew
9 Nov 2024