Content Control < 2.2.0 – Missing Authorization to Sensitive Information Exposure | CVE 2024-0615 | Plugin Vulnerabilities

Description

The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only.

Affects Plugins

content-control

Fixed in 2.2.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cce74-6432-4b92-85c8-8b899e4248fd

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

4a683d85-6528-49f7-9f10-c1f59bf1db6b

Timeline

Publicly Published

2024-04-16 (about 2 years ago)

Added

2024-04-16 (about 2 years ago)

Last Updated

2024-04-16 (about 2 years ago)

Other

Published

Title

Published

2023-11-24

Title

Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure

Published

2024-07-15

Title

Glossary < 2.2.27 - Unauthenticated Full Path Disclosure

Published

2025-01-06

Title

Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure

Published

2024-04-05

Title

User Spam Remover < 1.1 - Unauthenticated Sensitive Information Exposure

Published

2024-05-03

Title

SEOPress < 7.7 - Information Exposure