PT-2024-15886 · WordPress · Vg Postcarousel+5

Krzysztof Zając · Published 2024-04-11 · Updated 2025-05-09 · CVE-2024-0881

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin versions prior to 2.2.76

Description

The issue concerns improper authorization in the WordPress plugin, allowing unauthenticated users to read password-protected posts through certain unauthenticated AJAX actions. This results in unauthorized access to sensitive information.

Recommendations

For versions prior to 2.2.76, update to version 2.2.76 or later to resolve the issue. As a temporary workaround, consider restricting access to password-protected posts or disabling the affected AJAX actions until the update is applied.

Related Identifiers

CVE-2024-0881

Affected Products

Form Maker
Popup Maker
Post Blocks
Vg Postcarousel
The Post Grid
Woocommerce Blocks