CVE-2024-10802

MEDIUM

5.3

Description

The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.

CVE Details

CVSS v3.1 Score5.3

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published11/13/2024

Last Modified6/5/2025

Sourcenvd

Honeypot Sightings0

Affected Products

hashthemes:hash_elements

Weaknesses (CWE)

CWE-862

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3186151%40hash-elements&new=3186151%40hash-elements&sfp_email=&sfph_mail=(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/010590bc-98fb-4afe-9c5e-80ad4c50a34e?source=cve(security@wordfence.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.