Medium severity5.3NVD Advisory· Published Mar 13, 2024· Updated Apr 8, 2026

CVE-2024-0839

Description

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.

Affected products

Feedwordpress Project/Feedwordpress
cpe:2.3:a:feedwordpress_project:feedwordpress:*:*:*:*:*:wordpress:*:*
Range: <2024.0428

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbcnvdThird Party Advisory
wordpress.org/plugins/feedwordpress/nvdProduct
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000