The WP Private Content Plus plugin for WordPress has a security issue that can reveal private information. This vulnerability affects all versions up to 3.6. The problem is that the plugin does not properly limit access to posts through the REST API when a page is marked as private. This means that anyone, even without login credentials, can view protected posts.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
