CVE-2024-0681: CWE-693 Protection Mechanism Failure in cyberlord92 Page and Post Restriction
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage.
AI Analysis
Technical Summary
CVE-2024-0681 describes an information disclosure vulnerability in the cyberlord92 Page and Post Restriction WordPress plugin. The plugin fails to restrict access to private pages via the REST API, allowing unauthenticated attackers to view content meant to be private. The vendor has explicitly decided not to implement REST API protection for posts and pages, limiting restrictions to the front-end. Instead, they advise installing an additional plugin for REST API authentication. No official patch or fix is provided by the vendor for this REST API access issue.
Potential Impact
This vulnerability allows unauthenticated attackers to access private pages through the REST API, leading to unauthorized information disclosure. There is no impact on data integrity or availability. The CVSS score of 5.3 reflects a medium severity due to the ease of access (network attack vector, no privileges required) and the limited impact to confidentiality only.
Mitigation Recommendations
The vendor does not provide an official fix for the REST API access issue and recommends installing the WordPress REST API Authentication plugin to enforce authentication on REST API requests. Site administrators should consider this additional plugin to mitigate unauthorized access via the REST API. Since the vendor applies restrictions only on the front-end, relying solely on the Page and Post Restriction plugin is insufficient to protect private content accessed through the REST API.
CVE-2024-0681: CWE-693 Protection Mechanism Failure in cyberlord92 Page and Post Restriction
Description
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-0681 describes an information disclosure vulnerability in the cyberlord92 Page and Post Restriction WordPress plugin. The plugin fails to restrict access to private pages via the REST API, allowing unauthenticated attackers to view content meant to be private. The vendor has explicitly decided not to implement REST API protection for posts and pages, limiting restrictions to the front-end. Instead, they advise installing an additional plugin for REST API authentication. No official patch or fix is provided by the vendor for this REST API access issue.
Potential Impact
This vulnerability allows unauthenticated attackers to access private pages through the REST API, leading to unauthorized information disclosure. There is no impact on data integrity or availability. The CVSS score of 5.3 reflects a medium severity due to the ease of access (network attack vector, no privileges required) and the limited impact to confidentiality only.
Mitigation Recommendations
The vendor does not provide an official fix for the REST API access issue and recommends installing the WordPress REST API Authentication plugin to enforce authentication on REST API requests. Site administrators should consider this additional plugin to mitigate unauthorized access via the REST API. Since the vendor applies restrictions only on the front-end, relying solely on the Page and Post Restriction plugin is insufficient to protect private content accessed through the REST API.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-01-18T13:55:00.721Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6de3b7ef31ef0b590249
Added to database: 2/25/2026, 9:47:15 PM
Last enriched: 4/9/2026, 5:38:46 AM
Last updated: 4/12/2026, 5:00:28 AM
Views: 17
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.