CVE-2024-11083: ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
First published: Wed Nov 27 2024(Updated: )
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress ProfilePress | <=4.15.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11083?
CVE-2024-11083 is considered a high severity vulnerability due to the exposure of sensitive information.
How do I fix CVE-2024-11083?
To fix CVE-2024-11083, update the ProfilePress plugin to version 4.15.19 or later.
What versions of ProfilePress are affected by CVE-2024-11083?
CVE-2024-11083 affects all versions of ProfilePress up to and including 4.15.18.
Who can exploit CVE-2024-11083?
CVE-2024-11083 can be exploited by unauthenticated attackers.
What type of data is exposed in CVE-2024-11083?
CVE-2024-11083 allows attackers to extract sensitive data from restricted posts.
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/profilepress
- canonical/wordpress profilepress