The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9caa8d2e-383b-47d7-8d21-d2ed6b1664cb | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-03-13T16:03:31.466Z
Updated: 2023-03-13T16:03:31.466Z
Reserved: 2023-02-08T13:56:45.588Z
Link: CVE-2023-0749
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-13T17:15:12.687
Modified: 2023-11-07T04:01:23.137
Link: CVE-2023-0749
JSON object: View
Redhat Information
No data.
CWE