WordPress Plugin Vulnerabilities

JM Twitter Cards < 14.1.0 - Password Protected Post Access

Description

The plugin is vulnerable to Information Exposure via the meta description data, allowing unauthenticated attackers to view password protected post content when viewing the page source.

Affects Plugins

Plugin icon
jm-twitter-cards
Fixed in 14.1.0

References

CVE
CVE-2024-1769
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
7ccc11a6-d5e1-4d13-bdf4-068aa4b567c6

Timeline

Publicly Published
2024-03-04 (about 2 years ago)
Added
2024-03-04 (about 2 years ago)
Last Updated
2024-03-11 (about 2 years ago)

Other

Published
Title
Published
2023-09-25
Title
WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing
Published
2026-05-12
Title
Broadstreet < 1.53.2 - Authenticated (Subscriber+) Information Disclosure
Published
2023-10-16
Title
simple-download-button-shortcode <= 1.1.1 - Sensitive Data Disclosure
Published
2025-11-09
Title
Follow My Blog Post < 2.4.0 - Unauthenticated Information Exposure
Published
2023-11-30
Title
Backup Migration < 1.3.7 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure