CVE-2024-11153
Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More <= 2.5.0 - Unauthenticated Content Restriction Bypass to Sensitive Information ExposureThe Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
We have discovered 45 live websites that are affected by CVE-2024-11153.
Affected Software
| Product |  Content Control |
| Category | Wordpress Plugins |
| Vulnerable Domains | 45 live websites (100.00% of Content Control install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 100.00% of all versions) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized ActorDetails
- Published - Mar 5, 2025
- Updated - Mar 5, 2025
Credits
- Francesco Carlucci (finder)
CWE
CVE References
CWE References
CVE-2024-11153 usage by Country
 United States | 33 websites |
 Cyprus | 4 websites |
 Germany | 3 websites |
 GB | 3 websites |
 Australia | 2 websites |
CVE-2024-11153 usage by TLD
| .com | 19 websites |
| .org | 7 websites |
| .co.uk | 4 websites |
| .com.au | 2 websites |
| .de | 2 websites |
| .info | 2 websites |
| .it | 2 websites |
| .net | 2 websites |
| .dk | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-11153
Top websites that are affected by CVE-2024-11153. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.org | United States | **,*** | |
| ****.org | United States | ***,*** | |
| ***.it | United States | ***,*** | |
| ****.com | United States | *,***,*** | |
| ********.org | United States | *,***,*** | |
| **************.com | United States | **,***,*** | |
| *********.***.au | Australia | **,***,*** | |
| ****.**.uk | United States | **,***,*** | |
| *************.de | Germany | **,***,*** | |
| ********************.com | United States | **,***,*** |
FAQ
CVE-2024-11153 is Exposure of Sensitive Information to an Unauthorized Actor in Content Control
A total of 45 websites have been identified as vulnerable to CVE-2024-11153, discovered through global website indexing conducted by WebTechSurvey.
Content Control is susceptible to CVE-2024-11153 vulnerability.
Content Control versions before, and including, 2.5 are vulnerable to CVE-2024-11153.