Description
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1570)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5472)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8151)
WordPress Plugin WP Portfolio Gallery Cross-Site Scripting (1.0.0)