CVE-2023-1426

2023-04-1014:15:09

[email protected]

web.nvd.nist.gov

wp tiles

wordpress plugin

cve-2023-1426

security vulnerability

authenticated users

draft posts

private posts

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

30.0%

JSON

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.

Affected configurations

Vulners

NVD

Node

keetraxwp_tilesRange≤1.1.2

VendorProductVersionCPE
keetraxwp_tiles*cpe:2.3:a:keetrax:wp_tiles:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
keetrax	wp_tiles	*	cpe:2.3:a:keetrax:wp_tiles::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Tiles",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.1.2"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]