CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6250 – BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read
https://notcve.org/view.php?id=CVE-2023-6250
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag El complemento BestWebSoft's Like & Share WordPress anterior a la versión 2.74 revela el contenido de las publicaciones protegidas con contraseña a usuarios no autenticados a través de una metaetiqueta. The BestWebSoft's Like & Share – Posts, Pages and Widget Social Extension plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.73 via a meta tag. This makes it possible for unauthenticated attackers to view the content of password protected posts. • https://wpscan.com/vulnerability/6cad602b-7414-4867-8ae2-f0b846c4c8f0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •