WordPress Plugin Vulnerabilities

WP Show Posts < 1.1.6 - Improper Authorization to Information Exposure

Description

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary post metadata, list posts, and view terms and taxonomies.

Affects Plugins

Plugin icon
wp-show-posts
Fixed in 1.1.6

References

CVE
CVE-2023-6731
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e6bb3680-0623-4633-971e-3bc4a52dfad3

Miscellaneous

Original Researcher
Lucio Sá
Verified
No
WPVDB ID
de26551e-92f1-4761-81c7-bda0f8be47c4

Timeline

Publicly Published
2024-04-16 (about 2 years ago)
Added
2024-04-17 (about 2 years ago)
Last Updated
2024-04-17 (about 2 years ago)

Other

Published
Title
Published
2018-04-01
Title
WordPress File Upload <= 4.3.2 - Security Issue in Shortcodes
Published
2020-02-05
Title
Events Manager Pro < 2.6.7.2 - CSV Injection
Published
2014-08-01
Title
Echelon 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download
Published
2024-11-11
Title
Relais 2FA <= 1.0 - Authentication Bypass
Published
2014-08-01
Title
Gallery Bank 2.0.19 - Multiple Unspecified Issues