CVE-2024-0437

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection.
Configurations

No configuration.

History

08 Apr 2026, 19:19

Type Values Removed Values Added
CWE CWE-284

21 Nov 2024, 08:46

Type Values Removed Values Added
Summary
  • (es) El complemento Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease de WordPress con facilidad es vulnerable a la exposición de información confidencial en todas las versiones hasta la 2.6.6 incluida a través de la API. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, extraigan títulos y contenido de publicaciones, evitando así la protección con contraseña del complemento.
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail= -
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve -

15 May 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-15 00:15

Updated : 2026-06-17 06:53


NVD link : CVE-2024-0437

Mitre link : CVE-2024-0437

CVE.ORG link : CVE-2024-0437


JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control