PT-2024-14915 · WordPress · Inline Related Posts

Krzysztof Zając · Published 2024-04-11 · Updated 2025-05-09 · CVE-2023-6257

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Inline Related Posts WordPress plugin versions prior to 3.6.0

Description

The plugin is missing an authorization check in an AJAX action, which allows any authenticated user, such as a subscriber, to retrieve the content of password-protected posts. Password protection therefore no longer controls who can read those posts.

Recommendations

Update to version 3.6.0 or later to resolve the issue. As a temporary workaround for versions prior to 3.6.0, consider restricting access to the AJAX action or implementing additional authorization checks to prevent unauthorized access to password-protected posts.
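
An illustration of the authorization checks the recommendation refers to, as an added example rather than the plugin's own code or its 3.6.0 fix. The action name example_fetch_post, the nonce and post_id request fields, and the handler name are hypothetical.

```php
<?php
/**
 * Added example: hypothetical AJAX handler, not code from Inline Related Posts.
 * Action name, field names and function name are assumptions for illustration.
 */

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Hooking it proves authentication only; authorization must be checked inside.
add_action( 'wp_ajax_example_fetch_post', 'example_fetch_post_handler' );

function example_fetch_post_handler() {
    // 1. Request integrity: nonce created with wp_create_nonce( 'example_fetch_post' ).
    //    Dies with 403 if the nonce is missing or invalid.
    check_ajax_referer( 'example_fetch_post', 'nonce' );

    // 2. Validate the requested post id and load the post.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;
    if ( ! $post ) {
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }

    // 3. Authorization. Editors of this post may always see its content.
    $can_edit = current_user_can( 'edit_post', $post_id );

    // Everyone else needs read access AND must have passed the password
    // prompt: post_password_required() is true when the post has a password
    // and the request does not carry the matching password cookie.
    $can_read = current_user_can( 'read_post', $post_id )
        && ! post_password_required( $post );

    if ( ! $can_edit && ! $can_read ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 4. Only now return content.
    wp_send_json_success(
        array(
            'title'   => get_the_title( $post ),
            'content' => $post->post_content,
        )
    );
}
```

A handler that skips step 3 and returns post_content for any post_id is the pattern the description refers to: every logged-in role reaches it, and the password prompt shown on the front end is never consulted.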

Related Identifiers

CVE-2023-6257

Affected Products

Inline Related Posts