CVE-2024-0708: Infoleak
First published: Thu Feb 15 2024(Updated: )
The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fatcatapps Landing Page Cat | <1.7.3 | |
| Landing Page Cat | <=1.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-0708?
CVE-2024-0708 is classified as a medium severity vulnerability due to the potential for unauthorized access to sensitive landing pages.
How do I fix CVE-2024-0708?
To fix CVE-2024-0708, update the Landing Page Cat plugin to version 1.7.3 or later.
Who is affected by CVE-2024-0708?
All users of the Landing Page Cat plugin for WordPress versions up to and including 1.7.2 are affected by CVE-2024-0708.
What types of data are exposed in CVE-2024-0708?
CVE-2024-0708 can lead to unauthorized access to sensitive landing page content that may not be intended for public viewing.
Can CVE-2024-0708 be exploited remotely?
Yes, CVE-2024-0708 can be exploited by unauthenticated attackers remotely without needing to log in.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- vendor/fatcatapps
- canonical/fatcatapps landing page cat
- vendor/landing page cat
- canonical/landing page cat