The Simple Blog Card WordPress plugin before 1.32 does...
Moderate severity
Unreviewed
Published
Aug 30, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Aug 30, 2023
Published to the GitHub Advisory Database
Aug 30, 2023
Last updated
Apr 4, 2024
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones
References