CVE-2024-10937

Name of the Vulnerable Software and Affected Versions Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress versions up to, and including, 2.0.58

Description The issue allows unauthenticated attackers to extract sensitive data, including titles of posts in draft status, via the wp ajax nopriv related post ajax get post ids AJAX action. This makes it possible for attackers to access sensitive information without proper authentication.

Recommendations For versions up to, and including, 2.0.58, update to a version higher than 2.0.58 to resolve the issue. As a temporary workaround, consider disabling the wp ajax nopriv related post ajax get post ids AJAX action until a patch is available.