CVE-2024-0908

Name of the Vulnerable Software and Affected Versions The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress versions up to, and including, 1.13.1

Description The issue is related to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action. This allows unauthenticated attackers to retrieve all post data, including those that may be password protected.

Recommendations For versions up to, and including, 1.13.1, update to a version higher than 1.13.1 to resolve the issue. As a temporary workaround, consider disabling the apbPosts() function until a patch is available.