CVE-2024-10536

Name of the Vulnerable Software and Affected Versions FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress versions up to, and including, 6.0.0

Description The issue is related to unauthorized access of data due to a missing capability check on the handle block shortcode export() function. This allows authenticated attackers with Subscriber-level access and above to export shortcodes.

Recommendations For versions up to, and including, 6.0.0, consider disabling the handle block shortcode export() function until a patch is available to prevent unauthorized data access. Restrict access to the export functionality to minimize the risk of exploitation.