VYPR
Unrated severityNVD Advisory· Published Aug 30, 2023· Updated May 2, 2025

Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

CVE-2023-4036

Description

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.