Vulnerability Description
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniorange | Page Restriction | < 1.3.5 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59Third Party Advisory
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59Third Party Advisory
FAQ
What is CVE-2024-0681?
CVE-2024-0681 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not prop...
How severe is CVE-2024-0681?
CVE-2024-0681 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0681?
Check the references section above for vendor advisories and patch information. Affected products include: Miniorange Page Restriction.