CVE-2024-1083: Infoleak
First published: Wed Mar 13 2024(Updated: )
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Simple Restrict | <=1.2.6 | |
| WordPress Simple Restrict | <1.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-1083?
CVE-2024-1083 has a medium severity level due to its potential for sensitive information exposure.
How do I fix CVE-2024-1083?
To fix CVE-2024-1083, update the Simple Restrict plugin to version 1.2.7 or later.
Who is affected by CVE-2024-1083?
CVE-2024-1083 affects all versions of the Simple Restrict plugin up to and including 1.2.6 on WordPress sites.
What type of information can be exposed by CVE-2024-1083?
CVE-2024-1083 allows authenticated attackers to extract post titles and content through the REST API.
Is authentication required to exploit CVE-2024-1083?
Yes, CVE-2024-1083 requires authentication for the attacker to bypass the plugin's restrictions.
- agent/references
- agent/author
- agent/type
- agent/description
- agent/weakness
- agent/severity
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/wordpress
- canonical/wordpress simple restrict
- vendor/wpchill