CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
Configurations

No configuration.

History

19 Dec 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-19 07:15

Updated : 2024-12-19 07:15


NVD link : CVE-2024-12560

Mitre link : CVE-2024-12560

CVE.ORG link : CVE-2024-12560


JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor