CVE-2024-12538

Name of the Vulnerable Software and Affected Versions Duplicate Post, Page and Any Custom Post plugin for WordPress versions up to and including 3.5.3

Description The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and password-protected posts through the dpp duplicate as draft function.

Recommendations For versions up to and including 3.5.3, update to a version higher than 3.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the dpp duplicate as draft function until a patch is available. Restrict user access to the plugin's functionality to minimize the risk of exploitation, especially for users with Contributor-level access and above.