CVE-2024-0839

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.
Configurations

Configuration 1

cpe:2.3:a:feedwordpress_project:feedwordpress:*:*:*:*:*:wordpress:*:*

History

11 Mar 2025, 13:25

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Feedwordpress Project |
| | | Feedwordpress Project feedwordpress |
| CWE | | CWE-639 |
| CPE | | cpe:2.3:a:feedwordpress_project:feedwordpress:*:*:*:*:*:wordpress:*:* |
| References | () https://wordpress.org/plugins/feedwordpress/ - | () https://wordpress.org/plugins/feedwordpress/ - Product |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve - | () https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve - Third Party Advisory |

21 Nov 2024, 08:47

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wordpress.org/plugins/feedwordpress/ - | () https://wordpress.org/plugins/feedwordpress/ - |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve - | () https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve - |
| Summary | | (es) The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 2022.0222 due to missing validation on the user-controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information. |

13 Mar 2024, 16:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-03-13 16:15

Updated : 2025-03-11 13:25


NVD link : CVE-2024-0839

Mitre link : CVE-2024-0839

CVE.ORG link : CVE-2024-0839
Products Affected

feedwordpress_project

  • feedwordpress
CWE
CWE-639

Authorization Bypass Through User-Controlled Key