Vulnerability Details CVE-2024-0620
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.0%
CVSS Severity
CVSS v3 Score 5.3
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve
Products affected by CVE-2024-0620
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.0.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.1.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.1.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.1.2.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.1.2.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.3
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.3.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.3.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.3.3
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.2.3.4
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.3.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.3
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.3.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.3.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.4
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.5
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.4.5.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.5.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.5.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.5.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.6.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.10
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.3
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.4
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.5
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.6
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.7
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.8
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.9
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.7.9.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.0
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.3
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.4
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.5
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.6
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.6.1
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.6.2
-
cpe:2.3:a:passwordprotectwp:password_protect_wordpress:1.8.7