Vulnerability Description
The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rajkakadiya | Password Protected Store For Woocommerce | < 2.3 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old
- https://wordpress.org/plugins/password-protected-woo-store/Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a14Third Party Advisory
- https://wordpress.org/plugins/password-protected-woo-store/Product
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a14Third Party Advisory
FAQ
What is CVE-2024-1088?
CVE-2024-1088 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the REST API. This makes it possible for...
How severe is CVE-2024-1088?
CVE-2024-1088 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-1088?
Check the references section above for vendor advisories and patch information. Affected products include: Rajkakadiya Password Protected Store For Woocommerce.