PT-2024-17655 · WordPress · Button Block

Craig Smith · Published 2024-12-19 · Updated 2024-12-19 · CVE-2024-12560

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Button Block plugin for WordPress, versions up to and including 1.1.5

Description: The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and password-protected posts through the btn block duplicate post function. This makes it possible for attackers to access potentially confidential information.

Recommendations: For versions up to and including 1.1.5, update to a version higher than 1.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the btn block duplicate post function until a patch is available. Restrict access to draft, scheduled, private, and password-protected posts to minimize the risk of exploitation.
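The weakness class described above (a post-duplication action that checks only that the caller is logged in, not whether the caller may read the source post) and the object-level capability check that closes it, shown as an added illustration. This is not the Button Block plugin's code: the action name btnblock_duplicate_post, the nonce name and the function names are hypothetical, and the plugin's actual implementation is not on this page.

```php
<?php
/**
 * Added illustration, not the Button Block plugin's own code.
 * Hypothetical AJAX action "btnblock_duplicate_post" that copies a post.
 * The first handler shows the weak pattern the advisory describes; the
 * second shows the hardened form a plugin author would ship.
 */

// Weak pattern (for contrast): nonce and login check only, no check that
// the caller may read or edit the specific post being copied.
function btnblock_duplicate_post_weak() {
    check_ajax_referer( 'btnblock_duplicate', 'nonce' );

    // Any authenticated user, a Contributor included, passes this test.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }

    $source_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $source    = get_post( $source_id );
    if ( ! $source ) {
        wp_send_json_error( 'no such post', 404 );
    }

    // Missing here: an object-level authorization check on $source.
    // Another user's draft, scheduled, private or password-protected post is
    // copied into a new draft owned by the caller, who can then read it.
    $new_id = wp_insert_post( wp_slash( array(
        'post_title'   => $source->post_title . ' (copy)',
        'post_content' => $source->post_content,
        'post_excerpt' => $source->post_excerpt,
        'post_type'    => $source->post_type,
        'post_status'  => 'draft',
        'post_author'  => get_current_user_id(),
    ) ), true );

    wp_send_json_success( array( 'new_id' => $new_id ) );
}

// Hardened form: the caller must hold the edit_post meta capability for the
// source post. WordPress maps edit_post to edit_others_posts,
// edit_published_posts or edit_private_posts as the post's author and status
// require, so a Contributor is only allowed to copy their own unpublished
// posts.
function btnblock_duplicate_post_hardened() {
    check_ajax_referer( 'btnblock_duplicate', 'nonce' );

    $source_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $source    = get_post( $source_id );

    // One generic response for "not found" and "not allowed", so the action
    // does not reveal which post IDs exist.
    if ( ! $source || ! current_user_can( 'edit_post', $source_id ) ) {
        wp_send_json_error( 'cannot duplicate this post', 403 );
    }

    $new_id = wp_insert_post( wp_slash( array(
        'post_title'   => $source->post_title . ' (copy)',
        'post_content' => $source->post_content,
        'post_excerpt' => $source->post_excerpt,
        'post_type'    => $source->post_type,
        'post_status'  => 'draft',
        'post_author'  => get_current_user_id(),
    ) ), true );

    if ( is_wp_error( $new_id ) ) {
        wp_send_json_error( $new_id->get_error_message(), 500 );
    }

    wp_send_json_success( array( 'new_id' => $new_id ) );
}

// Only the hardened handler is registered (hypothetical action name).
add_action( 'wp_ajax_btnblock_duplicate_post', 'btnblock_duplicate_post_hardened' );
```

The nonce protects against cross-site request forgery only; it says nothing about what the authenticated caller is permitted to see, which is why the per-post capability check is the part that actually addresses the advisory's finding. When reviewing a plugin for this class of issue, look for every code path that copies, exports or previews post content and confirm it calls current_user_can with a meta capability (edit_post or read_post) for the specific post, not just a role or login test.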

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2024-12560

Affected Products: Button Block