PT-2024-18057 · WordPress · Generateblocks

Craig Smith +1 · Published 2024-03-13 · Updated 2025-03-12 · CVE-2024-1452

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GenerateBlocks plugin for WordPress versions up to, and including, 1.8.2

Description

The issue allows authenticated attackers with contributor access and above to expose sensitive information. This includes the ability to see the contents of posts and pages in draft or private status, as well as those with scheduled publication dates, via the Query Loop.

Recommendations

Update the GenerateBlocks plugin for WordPress from any version up to, and including, 1.8.2 to a version later than 1.8.2 to resolve the issue. As a temporary workaround, consider restricting access to the Query Loop feature to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-1452

Affected Products

Generateblocks