Vulnerability Details CVE-2024-0839
The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.3%
CVSS Severity
CVSS v3 Score 5.3
References
- https://wordpress.org/plugins/feedwordpress/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve
- https://wordpress.org/plugins/feedwordpress/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve
Products affected by CVE-2024-0839
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.96
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.97
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.98
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.981
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.99
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.991
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.992
-
cpe:2.3:a:feedwordpress_project:feedwordpress:0.993
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2008.1030
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2008.1101
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2008.1105
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2008.1214
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2009.0612
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2009.0613
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2009.0618
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2009.0707
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2010.0528
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2010.0531
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2010.0602
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2010.0623
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2010.0903
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2010.0905
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.0211
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.0512
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.0531
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.0602
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.0706
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.0721
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.1018
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2011.1019
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2012.0503
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2012.0504
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2012.1212
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2012.1218
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2013.0504
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2014.0805
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2015.0514
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2016.0420
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2016.1211
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2016.1213
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2017.0913
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2017.1020
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2020.0118
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2020.0818
-
cpe:2.3:a:feedwordpress_project:feedwordpress:2021.0713