WordPress Plugin Vulnerabilities

Qubely < 1.8.14 - Contributor+ Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data.

Affects Plugins

Plugin icon
qubely
Fixed in 1.8.14

References

CVE
CVE-2024-13228
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/72c66e71-dddb-4142-ae13-da3caffd8714

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Nishiv
Verified
No
WPVDB ID
78c66812-8986-4d06-8f96-d9ea57a829e8

Timeline

Publicly Published
2025-03-10 (about 1 year ago)
Added
2025-03-12 (about 1 year ago)
Last Updated
2025-03-12 (about 1 year ago)

Other

Published
Title
Published
2024-04-05
Title
User Spam Remover < 1.1 - Unauthenticated Sensitive Information Exposure
Published
2024-09-11
Title
Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure
Published
2024-09-04
Title
Ivory Search – WordPress Search Plugin < 5.5.7 - Information Exposure via AJAX Search Form
Published
2025-09-26
Title
The Tribal < 1.3.4 - Unauthenticated Sensitive Information Exposure
Published
2025-02-04
Title
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto < 8.0.9 - Unauthenticated Sensitive Information Exposure