PT-2024-17596 · WordPress · Get Post Content Shortcode

Francesco Carlucci · Published 2024-12-14 · Updated 2024-12-14 · CVE-2024-12447

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Get Post Content Shortcode plugin for WordPress, versions up to and including 0.4.

Description: The plugin is vulnerable to Insecure Direct Object Reference (IDOR) because the 'post-content' shortcode does not validate the user-controlled key it uses to look up a post. Authenticated attackers with Contributor-level access and above can read the content of password-protected, private, draft, and pending posts.

Recommendations: For versions up to and including 0.4, consider disabling the 'post-content' shortcode until a patch is available to prevent exploitation. Restrict access to the shortcode to minimize the risk of unauthorized post content access. Avoid using the 'post-content' shortcode with user-controlled input until the issue is resolved.
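The missing check described above is a post-level authorization decision that WordPress already provides through its capability system. The following handler is an added example written for this advisory; it is not the plugin's code, and the shortcode attribute name `id`, the function name `hardened_post_content_shortcode` and the recursion guard are assumptions. It shows the shape a safe 'post-content' shortcode takes: resolve the key to a post, then refuse to render unless the current viewer is allowed to read that specific post.

```php
<?php
// Added example, not the Get Post Content Shortcode plugin's own code.
// Assumed attribute name: "id" (the user-controlled key). Assumed function name.
// Demonstrates the authorization checks whose absence causes the IDOR in CVE-2024-12447.

function hardened_post_content_shortcode( $atts ) {
    // Track posts currently being rendered so a post that embeds itself
    // (directly or indirectly) cannot recurse forever.
    static $rendering = array();

    $atts = shortcode_atts( array( 'id' => 0 ), $atts, 'post-content' );

    // Normalize the user-controlled key to a positive integer post ID.
    $post_id = absint( $atts['id'] );
    if ( 0 === $post_id || isset( $rendering[ $post_id ] ) ) {
        return '';
    }

    $post = get_post( $post_id );
    if ( ! $post instanceof WP_Post ) {
        return '';
    }

    // Only publicly queryable post types may be exposed through a shortcode.
    $type_obj = get_post_type_object( $post->post_type );
    if ( ! $type_obj || ! $type_obj->public ) {
        return '';
    }

    // Password-protected posts: show the password form instead of the content
    // unless the viewer has already supplied the password for this post.
    if ( post_password_required( $post ) ) {
        return get_the_password_form( $post );
    }

    // Anything that is not published (draft, pending, private, future) requires the
    // viewer to hold the read_post meta capability for this specific post.
    // map_meta_cap() resolves this to read_private_posts for private posts and to
    // edit_others_posts for other authors' drafts, neither of which Contributors hold.
    if ( 'publish' !== $post->post_status && ! current_user_can( 'read_post', $post_id ) ) {
        return '';
    }

    // Render through the_content so embeds and nested shortcodes behave as in normal display.
    $rendering[ $post_id ] = true;
    $output = apply_filters( 'the_content', $post->post_content );
    unset( $rendering[ $post_id ] );

    return $output;
}
add_shortcode( 'post-content', 'hardened_post_content_shortcode' );
```

The important design point is that the capability check is evaluated against the viewer of the page that carries the shortcode, not against whoever inserted it. A Contributor who places the shortcode in their own draft and previews it is therefore subject to the same read_post decision WordPress would make if they requested the target post directly, which is exactly the decision the vulnerable versions skip.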

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2024-12447

Affected Products: Get Post Content Shortcode