← Back to CVEs
CVE-2024-0616
MEDIUM5.3
Description
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/29/2024
Last Modified4/8/2026
Sourcenvd
Honeypot Sightings0
Affected Products
wpchill:passster
Weaknesses (CWE)
CWE-200
References
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.