CVE-2024-3312: 
WordPress vulnerability analysis and mitigation

The Easy Custom Auto Excerpt plugin for WordPress contains a Sensitive Information Exposure vulnerability (CVE-2024-3312) affecting all versions up to and including 2.4.12. The vulnerability was discovered and reported by Wordfence, with an initial disclosure date of April 18, 2024, and was published in the NVD on May 2, 2024. This security issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) (Wordfence, NVD).

The vulnerability allows unauthenticated attackers to obtain excerpts of password-protected posts. This security flaw has been categorized with a CVSS v3.1 Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts the confidentiality of protected content (NVD).

The vulnerability enables unauthorized users to access excerpts of content that should be protected by password restrictions, potentially exposing sensitive or private information that was intended to be accessible only to authorized users (NVD).

Website administrators running the Easy Custom Auto Excerpt plugin should update to a version newer than 2.4.12 to address this vulnerability. The issue has been patched in a newer release (NVD).