CVE-2024-11292

Name of the Vulnerable Software and Affected Versions WP Private Content Plus plugin for WordPress versions up to, and including, 3.6.1

Description The issue allows unauthenticated attackers to extract sensitive data from restricted posts via the WordPress core search feature. This makes it possible for attackers to access information that should be restricted to higher-level roles, such as administrators.

Recommendations For WP Private Content Plus plugin for WordPress versions up to, and including, 3.6.1, update to a version later than 3.6.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.