WordPress Plugin Vulnerabilities

Anonymous Restricted Content < 1.6.3 - Protection Mechanism Bypass

Description

The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.

Affects Plugins

Plugin icon
anonymous-restricted-content
Fixed in 1.6.3

References

CVE
CVE-2024-0909
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
9abb2dd2-3b5c-45a2-9e63-aae0e1a9fa26

Timeline

Publicly Published
2024-02-02 (about 2 years ago)
Added
2024-02-02 (about 2 years ago)
Last Updated
2024-02-02 (about 2 years ago)

Other

Published
Title
Published
2025-09-12
Title
Multiple Plugins and Themes by inkthemes - Unauthenticated Information Exposure
Published
2025-03-07
Title
All-in-One Addons for Elementor – WidgetKit <= 2.5.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
Published
2024-11-20
Title
Stratum – Elementor Widgets < 1.4.5 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
Published
2024-02-02
Title
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Published
2024-05-09
Title
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure