CVE-2024-1479: The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the...

5.3 CVSS

Description

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.

Classification

CVE ID: CVE-2024-1479

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-863 Incorrect Authorization

Affected Products

Vendor: edge22

Product: WP Show Posts

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.29% (probability of being exploited)

EPSS Percentile: 51.48% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-04-18 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1479
https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=

Timeline