The Page Restrict plugin for WordPress has a security issue that allows unauthorized people to see private posts. This affects all versions up to 2.5.5. The problem is that the plugin does not properly restrict access to posts through the REST API when a page is set to private. This means that anyone without authentication can view protected posts.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
