Unrated severityNVD Advisory· Published Aug 28, 2024· Updated Apr 8, 2026

Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure

CVE-2024-8195

Description

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extract sensitive data including password, title, and content of password-protected posts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Mbis/Permalink Manager Litev5
Range: 0

Patches

Vulnerability mechanics

References

plugins.trac.wordpress.org/browser/permalink-manager/tags/2.4.4/includes/core/permalink-manager-debug.phpmitre
plugins.trac.wordpress.org/changeset/3142479/mitre
www.wordfence.com/threat-intel/vulnerabilities/id/aadf1d59-60ba-4da2-adbb-4e84d587a34dmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000