Description
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
Remediation
References
Related Vulnerabilities
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7251)
WordPress Plugin Add Any Extension to Pages Cross-Site Scripting (1.3)
Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)
WordPress Plugin BulletProof Security Multiple Vulnerabilities (.51)
WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013)