CVE-2024-1769

EUVD-2024-17494
The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
jmlapamjm_twitter_cards
𝑥
< 14.1.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
jmlapamjm_twitter_cards
𝑥
≤ 12
ADP
References
https://wordpress.org/plugins/jm-twitter-cards/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve
https://wordpress.org/plugins/jm-twitter-cards/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve