CVE-2024-1088

Name of the Vulnerable Software and Affected Versions Password Protected Store for WooCommerce plugin for WordPress versions up to, and including, 1.9

Description The issue allows unauthenticated attackers to extract sensitive data, including post titles and content, via the REST API. This makes it possible for attackers to access sensitive information without proper authentication.

Recommendations For versions up to, and including, 1.9, update to a version that fixes the Sensitive Information Exposure issue to prevent unauthenticated attackers from extracting sensitive data via the REST API. As a temporary workaround, consider restricting access to the REST API until a patch is available.