PT-2024-16890 · WordPress · Simple Page Access Restriction

Francesco Carlucci · Published 2024-12-18 · Updated 2024-12-18 · CVE-2024-11295

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Simple Page Access Restriction plugin for WordPress versions up to 1.0.29

Description

The issue allows unauthenticated attackers to extract sensitive data from posts restricted to higher-level roles, such as logged-in users, via the WordPress core search feature. This makes it possible for attackers to access sensitive information without proper authentication.

Recommendations

For versions up to 1.0.29, update to a version later than 1.0.29 to resolve the issue. As a temporary workaround, consider restricting access to the WordPress core search feature until a patch is available. Additionally, restrict access to sensitive posts to minimize the risk of exploitation.
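
One way to apply the temporary workaround above is a must-use plugin that refuses core search to visitors who are not logged in. This is an added example, not code from the plugin or from this advisory; the file name, messages and error code are hypothetical, and covering the REST search routes is a defensive assumption, since the advisory names only the core search feature.

```php
<?php
/**
 * Temporary search lockdown (added example, hypothetical file name:
 * wp-content/mu-plugins/temp-search-lockdown.php).
 * Remove it once the plugin is updated past 1.0.29.
 */

// Front-end search (?s=term): stop the main search query for anonymous visitors
// before any posts, restricted or not, are fetched.
add_action( 'pre_get_posts', function ( $query ) {
    // Leave admin screens, secondary queries and non-search requests alone.
    if ( is_admin() || ! $query->is_main_query() || ! $query->is_search() ) {
        return;
    }
    if ( ! is_user_logged_in() ) {
        wp_die(
            'Search is temporarily disabled.',
            'Search disabled',
            array( 'response' => 403 )
        );
    }
} );

// REST API (assumption: treat it as another path into core search).
// Blocks /wp/v2/search and any route called with a `search` parameter.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    if ( is_user_logged_in() ) {
        return $result; // Authenticated users keep normal behaviour.
    }
    $is_search_route  = 0 === strpos( $request->get_route(), '/wp/v2/search' );
    $has_search_param = null !== $request->get_param( 'search' );
    if ( $is_search_route || $has_search_param ) {
        // A non-null return value short-circuits the request with this error.
        return new WP_Error(
            'search_disabled',
            'Search is temporarily disabled.',
            array( 'status' => 403 )
        );
    }
    return $result;
}, 10, 3 );
```

Anonymous search requests receive HTTP 403 while this file is in place; logged-in users are unaffected.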

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2024-11295

Affected Products: Simple Page Access Restriction