CVE-2024-11094
Published: 16 November 2024
Summary
CVE-2024-11094 is a medium-severity Exposure of Data Element to Wrong Session (CWE-488) vulnerability in Wordpress (inferred from references). Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 39.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33647
Vulnerability details
The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract data such as redirects including GET parameters…
more
which may reveal sensitive information. On most sites this is unlikely to be the case.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.