cve/2023/CVE-2023-1371.md

### [CVE-2023-1371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1371)
![](https://img.shields.io/static/v1?label=Product&message=W4%20Post%20List&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them

### POC

#### Reference
- https://wpscan.com/vulnerability/ad5c167e-77f7-453c-9443-df6e07705d89

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-1371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1371)`
			`![](https://img.shields.io/static/v1?label=Product&message=W4%20Post%20List&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.6%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/ad5c167e-77f7-453c-9443-df6e07705d89`

			`#### Github`
			`No PoCs found on GitHub currently.`