CVE-2024-1479 - Vulnerability Details - OpenCVE

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Edge22	Wp Show Posts
Generatepress	Wp Show Posts

Configuration 1 [-]

cpe:2.3:a:generatepress:wp_show_posts:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve

History

Tue, 15 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Edge22 Edge22 wp Show Posts
CPEs		cpe:2.3:a:edge22:wp_show_posts::::::::
Vendors & Products		Edge22 Edge22 wp Show Posts
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 06 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Generatepress Generatepress wp Show Posts
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:generatepress:wp_show_posts::::::wordpress::*
Vendors & Products		Generatepress Generatepress wp Show Posts

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-03-13T15:26:54.886Z

Updated: 2025-04-15T15:21:58.589Z

Reserved: 2024-02-13T17:47:32.365Z

Link: CVE-2024-1479

Vulnrichment

Updated: 2024-08-01T18:40:21.174Z

NVD

Status : Analyzed

Published: 2024-03-13T16:15:23.013

Modified: 2025-03-06T14:24:40.890

Link: CVE-2024-1479

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1479", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-13T17:47:32.365Z", "datePublished": "2024-03-13T15:26:54.886Z", "dateUpdated": "2025-04-15T15:21:58.589Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-13T15:26:54.886Z"}, "affected": [{"vendor": "edge22", "product": "WP Show Posts", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "timeline": [{"time": "2024-03-01T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "edge22", "product": "wp_show_posts", "cpes": ["cpe:2.3:a:edge22:wp_show_posts:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "14.1.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-13T18:10:19.947291Z", "id": "CVE-2024-1479", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T15:21:58.589Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.174Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.174Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1479", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-13T18:10:19.947291Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:edge22:wp_show_posts:*:*:*:*:*:*:*:*"], "vendor": "edge22", "product": "wp_show_posts", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "14.1.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T17:37:59.115Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Craig Smith"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "edge22", "product": "WP Show Posts", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-03-01T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-13T15:26:54.886Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1479", "state": "PUBLISHED", "dateUpdated": "2025-04-15T15:21:58.589Z", "dateReserved": "2024-02-13T17:47:32.365Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-03-13T15:26:54.886Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:generatepress:wp_show_posts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DC81EC69-6B2E-414A-BF8B-50F3ADC98BB2", "versionEndExcluding": "1.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages."}, {"lang": "es", "value": "El complemento WP Show Posts para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.1.4 incluida a trav\u00e9s de la funci\u00f3n wpsp_display. Esto hace posible que atacantes autenticados con acceso de colaborador y superior vean el contenido de p\u00e1ginas y publicaciones borrador, papelera, futuras, privadas y pendientes."}], "id": "CVE-2024-1479", "lastModified": "2025-03-06T14:24:40.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-03-13T16:15:23.013", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}