CVE-2024-0908 – Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure

https://notcve.org/view.php?id=CVE-2024-0908

The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected. El complemento Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función apbPosts() conectada mediante una acción AJAX en todas las versiones hasta, y incluyendo, 1.13.1. Esto hace posible que atacantes no autenticados recuperen todos los datos de las publicaciones, incluidos aquellos que pueden estar protegidos con contraseña. The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. • https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173 https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve • CWE-862: Missing Authorization •