Description
WordPress Plugin CiviCRM is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently read private data from the database. WordPress Plugin CiviCRM version 5.35.1 is vulnerable; prior versions are also affected.
Remediation
Update to plugin versions 5.36.1, 5.35.2, 5.33.5 ESR, or latest