{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-0908", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-25T20:32:16.272Z", "datePublished": "2024-05-02T16:52:24.157Z", "dateUpdated": "2026-04-08T17:06:37.650Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:37.650Z"}, "affected": [{"vendor": "bplugins", "product": "Advanced Post Block \u2013 Showcase Posts with Grid, List, Card Layouts and Filters", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.13.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected."}], "title": "Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173"}, {"url": "https://plugins.trac.wordpress.org/changeset/3081482/advanced-post-block/trunk/plugin.php?old=3077963&old_path=advanced-post-block%2Ftrunk%2Fplugin.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "timeline": [{"time": "2024-04-11T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0908", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T18:15:37.586443Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:abuhayat:advanced_post_block:*:*:*:*:*:*:*:*"], "vendor": "abuhayat", "product": "advanced_post_block", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.13.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:58:46.555Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.916Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.916Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0908", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-02T18:15:37.586443Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:abuhayat:advanced_post_block:*:*:*:*:*:*:*:*"], "vendor": "abuhayat", "product": "advanced_post_block", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.13.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-02T18:17:13.092Z"}}], "cna": {"title": "Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure", "credits": [{"lang": "en", "type": "finder", "value": "Krzysztof Zaj\u0105c"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "bplugins", "product": "Advanced Post Block \u2013 Showcase Posts with Grid, List, Card Layouts and Filters", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.13.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-04-11T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173"}, {"url": "https://plugins.trac.wordpress.org/changeset/3081482/advanced-post-block/trunk/plugin.php?old=3077963&old_path=advanced-post-block%2Ftrunk%2Fplugin.php"}], "descriptions": [{"lang": "en", "value": "The Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:37.650Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0908", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:06:37.650Z", "dateReserved": "2024-01-25T20:32:16.272Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-05-02T16:52:24.157Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.4. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected."}, {"lang": "es", "value": "El complemento Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n apbPosts() conectada mediante una acci\u00f3n AJAX en todas las versiones hasta, y incluyendo, 1.13.1. Esto hace posible que atacantes no autenticados recuperen todos los datos de las publicaciones, incluidos aquellos que pueden estar protegidos con contrase\u00f1a."}], "id": "CVE-2024-0908", "lastModified": "2026-04-08T18:19:00.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-05-02T17:15:10.217", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3081482/advanced-post-block/trunk/plugin.php?old=3077963&old_path=advanced-post-block%2Ftrunk%2Fplugin.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"created": "2025-07-13T11:13:53.167939+00:00", "updated": "2025-07-13T11:13:53.167992+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}