WordPress Plugin Vulnerabilities
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
Description
The plugin does not ensure that user have access to password protected post before displaying its content in a meta tag.
Proof of Concept
When the "Disable Open Graph Meta Tags" settings of the plugin is disabled, view the source of a password protected post and note its content being disclosed in the "og:description" meta property tag.
Affects Plugins
References
CVE
Classification
Type
AUTHBYPASS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-03-11 (about 2 months ago)
Added
2024-03-11 (about 2 months ago)
Last Updated
2024-03-11 (about 2 months ago)