CVE-2024-1452

MEDIUM

GenerateBlocks <1.8.2 - Info Disclosure

Title source: llm

Description

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates.

References (4)

Core 4

Core References

Product

https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L140

Product

https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L70

Patch

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041431%40generateblocks%2Ftrunk&old=2995923%40generateblocks%2Ftrunk&sfp_email=&sfph_mail=#file2

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/62f19301-2311-4989-a5f2-9f845b72dd54?source=cve

Scores

CVSS v3 4.3

EPSS 0.0057

EPSS Percentile 42.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (2)

edge22/GenerateBlocks < 1.8.2

generatepress/generateblocks < 1.8.3

Published Mar 13, 2024

Tracked Since Feb 18, 2026