{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-3312","assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","state":"PUBLISHED","assignerShortName":"Wordfence","dateReserved":"2024-04-04T15:57:44.990Z","datePublished":"2024-05-02T16:52:23.219Z","dateUpdated":"2026-04-08T17:05:56.449Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence","dateUpdated":"2026-04-08T17:05:56.449Z"},"affected":[{"vendor":"todiadiatmo","product":"Easy Custom Auto Excerpt","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.4.12","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts."}],"title":"Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure","references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c1e1fe4-23be-4f66-ae9f-cabb83811b71?source=cve"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071273%40easy-custom-auto-excerpt%2Ftrunk&old=2242878%40easy-custom-auto-excerpt%2Ftrunk&sfp_email=&sfph_mail="}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-862 Missing Authorization","cweId":"CWE-862","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"credits":[{"lang":"en","type":"finder","value":"Krzysztof ZajÄ…c"}],"timeline":[{"time":"2024-04-18T00:00:00.000Z","lang":"en","value":"Disclosed"}]},"adp":[{"affected":[{"vendor":"tonjoostudio","product":"easy_custom_auto_excerpt","cpes":["cpe:2.3:a:tonjoostudio:easy_custom_auto_excerpt:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.4.12","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-05T18:48:47.453922Z","id":"CVE-2024-3312","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T21:09:21.792Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:05:08.422Z"},"title":"CVE Program Container","references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8c1e1fe4-23be-4f66-ae9f-cabb83811b71?source=cve","tags":["x_transferred"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3071273%40easy-custom-auto-excerpt%2Ftrunk&old=2242878%40easy-custom-auto-excerpt%2Ftrunk&sfp_email=&sfph_mail=","tags":["x_transferred"]}]}]}}