PT-2023-17387 · WordPress · Web Stories For Wordpress

Swissspidy · Published 2023-05-08 · Updated 2023-11-01 · CVE-2023-1979

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Web Stories for WordPress versions prior to 1.32

Description

The Web Stories for WordPress plugin has a vulnerability that allows users with the "Author" role to bypass permission checks and access password-protected content. Normally, users with this role cannot edit password-protected stories, but the vulnerability enables them to duplicate protected stories in the plugin's dashboard, giving them access to the content.

Recommendations

For versions prior to 1.32, upgrade to version 1.32 or beyond to resolve the issue. As a temporary workaround, consider restricting access to the plugin's dashboard for users with the "Author" role until the update is applied.

Fix

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2023-1979

Affected Products: Web Stories For Wordpress