CVE-2024-13228

Name of the Vulnerable Software and Affected Versions Qubely – Advanced Gutenberg Blocks plugin for WordPress versions up to and including 1.8.13

Description The issue allows authenticated attackers with Contributor-level access or higher to extract sensitive data from private, pending, scheduled, password-protected, draft, and trashed posts through the qubely get content function. This enables the exposure of confidential information.

Recommendations For Qubely – Advanced Gutenberg Blocks plugin for WordPress versions up to and including 1.8.13, update to a version higher than 1.8.13 to resolve the issue. As a temporary workaround, consider restricting access to the qubely get content function to minimize the risk of exploitation.