| CVE编号 | CVE-2025-1504 |
|---|---|
| 发布日期 | 2025-03-08T02:24:03.840Z |
| 更新日期 | 2025-03-10T16:03:01.730Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | andyexeter |
| 受影响的产品 | Post Lockdown |
| 描述 | The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. |
参考链接:
