CVE-2024-1462
First published: Wed Mar 13 2024(Updated: )
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themegrill Maintenance Page | <1.0.9 | |
| WordPress Maintenance | <=1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-1462?
CVE-2024-1462 has been categorized as a medium severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2024-1462?
To fix CVE-2024-1462, upgrade the Maintenance Page plugin to version 1.0.9 or later.
Who is affected by CVE-2024-1462?
Any WordPress site using the Maintenance Page plugin version 1.0.8 or earlier is affected by CVE-2024-1462.
What type of information can be exposed by CVE-2024-1462?
CVE-2024-1462 can expose post titles and content from WordPress sites while they are in maintenance mode.
Is authentication required to exploit CVE-2024-1462?
No, unauthenticated attackers can exploit CVE-2024-1462 to access sensitive information.
- agent/references
- agent/description
- agent/author
- agent/type
- agent/severity
- agent/weakness
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup-request
- vendor/themegrill
- canonical/themegrill maintenance page
- vendor/wordpress
- canonical/wordpress maintenance