CVE-2024-13546 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_descripti…
Medium CVSS: 4.3

CVE-2024-13546

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.
Vendor
-
Product
-
CWE
CWE-200
Yayın Tarihi
2025-03-01 10:15:10
Güncelleme
2025-03-01 10:15:10
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-200 MEDIUM 2025

Referanslar

https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-dynamic-content.php#L1047 https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-dynamic-content.php#L1054 https://plugins.trac.wordpress.org/changeset/3239461/ https://www.wordfence.com/threat-intel/vulnerabilities/id/4f6f2a8c-ecd9-482c-a32e-0c3d7a7e4ec4?source=cve