Swissspidy

**Name of the Vulnerable Software and Affected Versions** Web Stories for WordPress versions prior to 1.32 **Description** The Web Stories for WordPress plugin has a vulnerability that allows users with the "Author" role to bypass permission checks and access password-protected content. Normally, users with this role cannot edit password-protected stories, but the vulnerability enables them to duplicate protected stories in the plugin's dashboard, giving them access to the content. **Recommendations** For versions prior to 1.32, upgrade to version 1.32 or beyond to resolve the issue. As a temporary workaround, consider restricting access to the plugin's dashboard for users with the "Author" role until the update is applied.