CVE-2024-1984

Name
CVE-2024-1984
Description
The Graphene theme for WordPress is vulnerable to unauthorized access of data via meta tag in all versions up to, and including, 2.9.2. This makes it possible for unauthenticated individuals to obtain post contents of password protected posts via the generated source.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@wordfence.com https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=221417%40graphene%2F2.9.3&old=164915%40graphene%2F2.9
security@wordfence.com https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f19051-fe80-469c-a514-ec3a848a4015?source=cve

Match rules

CPE URI Source package Min version Max version
graphene >= 0 <= 2.9.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
graphene 3.20-main 1.10.8-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
graphene 3.19-main 1.10.8-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
graphene 3.18-main 1.10.8-r2 Rasmus Thomsen <oss@cogitri.dev> possibly vulnerable
graphene 3.17-main 1.10.8-r1 Rasmus Thomsen <oss@cogitri.dev> possibly vulnerable
graphene edge-main 1.10.8-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable