CVE-2024-10802

CVSS V2 None CVSS V3 None
Description
The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.
Overview
  • CVE ID
  • CVE-2024-10802
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-11-13T03:20:05.820Z
  • Last Modified Date
  • 2024-11-13T03:20:05.820Z
History
Created Old Value New Value Data Type Notes
2024-11-13 13:17:55 Added to TrackCVE