The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/1afc0e4a-f712-47d4-bf29-7719ccbbbb1b | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-12-18T20:08:02.427Z
Updated: 2023-12-18T20:08:02.427Z
Reserved: 2023-11-10T10:18:30.677Z
Link: CVE-2023-6077
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-18T20:15:08.797
Modified: 2023-12-21T19:35:11.607
Link: CVE-2023-6077
JSON object: View
Redhat Information
No data.
CWE