CVE-2023-1371

MEDIUM

W4 Post List < 2.4.6 - Authenticated Missing Authorization for Password-Protected Posts

Title source: llm

Description

The W4 Post List WordPress plugin before 2.4.6 does not verify that the requesting user is permitted to access password-protected posts before displaying their content, which could allow any authenticated user to read them.

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/ad5c167e-77f7-453c-9443-df6e07705d89

Scores

CVSS v3 6.5
EPSS 0.0065
EPSS Percentile 46.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
w4_post_list_project/w4_post_list < 2.4.6
Published Apr 17, 2023
Tracked Since Feb 18, 2026