CVE-2023-4036 Information

Description

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public allowing any authenticated users such as subscriber to retrieve arbitrary post title and their content such as draft private and password protected ones

Reference

https://wpscan.com/vulnerability/de3e1718-c358-4510-b142-32896ffeb03f