CVE-2024-0975

Name of the Vulnerable Software and Affected Versions WordPress Access Control plugin versions up to, and including, 4.0.13

Description The WordPress Access Control plugin is vulnerable to Sensitive Information Exposure via the REST API. This allows unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature and view restricted page and post content.

Recommendations For versions up to, and including, 4.0.13, update to a version later than 4.0.13 to resolve the issue. As a temporary workaround, consider restricting access to the REST API until a patch is available.