CVE-2021-4385

Name of the Vulnerable Software and Affected Versions WP Private Content Plus plugin for WordPress versions up to and including 3.1

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save groups() function. This allows unauthenticated attackers to add new group members via a forged request if they can trick a site administrator into performing a specific action.

Recommendations For WP Private Content Plus plugin for WordPress versions up to and including 3.1, consider disabling the save groups() function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of unauthorized actions.