CVE-2024-1995 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1995?

CVE-2024-1995 is a medium-severity vulnerability affecting the Smart Custom Fields plugin for WordPress. This vulnerability allows unauthorized access to data, enabling attackers with subscriber-level access to retrieve password-protected and private post content. Websites using the Smart Custom Fields plugin up to and including version 4.2.2 are at risk. It's essential for users to update their plugin to a secure version to protect their WordPress websites from potential breaches.

Who is impacted?

CVE-2024-1995 affects WordPress sites running the Smart Custom Fields plugin, in all versions up to and including 4.2.2. Exploitation requires an authenticated account with subscriber-level access or above; such an account can retrieve password-protected and private post content it is not authorized to view. Site owners should be aware of this vulnerability and take the necessary precautions to protect their websites.

What to do if CVE-2024-1995 affected you?

If you're affected by the CVE-2024-1995 vulnerability, it's crucial to update your Smart Custom Fields plugin to a secure version. Follow these simple steps:

  1. Log in to your WordPress dashboard.

  2. Go to the "Plugins" section.

  3. Find the "Smart Custom Fields" plugin in the list.

  4. Check the current version of the plugin. If it is 4.2.2 or lower, update the plugin to version 5.0.0 or a newer patched version.

  5. Ensure that the plugin is updated and functioning correctly.
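For administrators who manage several sites, the version check in step 4 can be scripted. The following is an added example, not part of the original advisory or the plugin's code. It assumes WP-CLI is installed, that the plugin's directory slug is `smart-custom-fields`, and that `sort -V` (GNU coreutils) is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify an installed Smart Custom Fields version against
# the bounds given in the advisory (affected <= 4.2.2, fixed in 5.0.0).
PLUGIN_SLUG="smart-custom-fields"   # assumption: wordpress.org plugin slug
LAST_AFFECTED="4.2.2"               # from the advisory
FIRST_FIXED="5.0.0"                 # from the advisory

# version_le A B: succeeds when A <= B in version order.
# A plain string comparison would rank 4.10.0 below 4.2.2, so use sort -V.
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# scf_status VERSION: prints one of
#   vulnerable    at or below the last affected release
#   patched       at or above the first fixed release
#   unverified    between the two bounds; the advisory does not cover it
#   not-found     empty input (plugin absent, or WP-CLI returned nothing)
#   unrecognized  not a dotted numeric version
scf_status() {
    ver=$1
    case "$ver" in
        '')        echo "not-found";    return ;;
        *[!0-9.]*) echo "unrecognized"; return ;;
    esac
    if version_le "$ver" "$LAST_AFFECTED"; then
        echo "vulnerable"
    elif version_le "$FIRST_FIXED" "$ver"; then
        echo "patched"
    else
        echo "unverified"
    fi
}

# audit_site WP_ROOT: ask WP-CLI for the installed version under one
# WordPress root and print "root<TAB>version<TAB>status".
audit_site() {
    found=$(wp plugin get "$PLUGIN_SLUG" --field=version --path="$1" 2>/dev/null) || found=""
    printf '%s\t%s\t%s\n' "$1" "${found:-none}" "$(scf_status "$found")"
}

# Usage: sh scf-audit.sh /var/www/site-a /var/www/site-b
for site in "$@"; do
    audit_site "$site"
done
```

Sites reported as `vulnerable` or `unverified` should be updated with `wp plugin update smart-custom-fields --path=<root>` and then re-checked.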

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1995 vulnerability in the Smart Custom Fields plugin for WordPress is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, called "Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure," was published on March 19, 2024. To address this vulnerability, users should update their plugin to version 5.0.0 or a newer patched version.

Weakness Enumeration

The weakness enumeration for this vulnerability is Insufficient Information, indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1995 is a medium-severity vulnerability affecting the Smart Custom Fields plugin for WordPress, allowing unauthorized access to data. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
