CVE-2024-0212 – Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)
https://notcve.org/view.php?id=CVE-2024-0212
The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. Se descubrió que el complemento Cloudflare Wordpress era vulnerable a una autenticación incorrecta. La vulnerabilidad permite a los atacantes con una cuenta con menos privilegios acceder a datos de la API de Cloudflare. The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. • https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3 https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2 • CWE-284: Improper Access Control CWE-862: Missing Authorization •