CVE-2024-8195

CVSS V2 None CVSS V3 None

Description

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extract sensitive data including password, title, and content of password-protected posts.

Overview

CVE ID
CVE-2024-8195

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-08-28T13:54:28.403Z

Last Modified Date
2024-08-28T14:09:04.535Z

Weakness Enumerations

CWE	URL
CWE-862	http://cwe.mitre.org/data/definitions/862.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/aadf1d59-60ba-4da2-adbb-4e84d587a34d?source=cve
https://plugins.trac.wordpress.org/browser/permalink-manager/tags/2.4.4/includes/core/permalink-manager-debug.php#L70
https://plugins.trac.wordpress.org/changeset/3142479/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-8195
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8195

History

Created	Old Value	New Value	Data Type	Notes
2024-08-29 13:03:19				Added to TrackCVE