CVE Vulnerabilities

CVE-2024-0975

Published: Feb 28, 2024 | Modified: Feb 07, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugins Make Website Members Only feature (when unset) and view restricted page and post content.

Affected Software

Name Vendor Start Version End Version
Wordpress_access_control Brandonwamboldt * 4.0.13 (including)

References