CVE-2024-0437

Name of the Vulnerable Software and Affected Versions Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease versions up to, and including, 2.6.6

Description The issue allows authenticated attackers with subscriber access or higher to extract post titles and content via the API, thus bypassing the plugin's password protection. This enables them to access sensitive information that should be protected by the plugin.

Recommendations For versions up to, and including, 2.6.6, update to a version higher than 2.6.6 to resolve the issue. As a temporary workaround, consider restricting API access to only necessary users to minimize the risk of exploitation.