https://www.pluginvulnerabilities.com/2017/08/09/authenticated-information-disclosure-vulnerability-in-cherry-team-members/

The plugin Cherry Team Members had the same authenticated information disclosure that the Cherry Services List had. The vulnerability was caused by the fact that  contributor and author level users could duplicate posts that they would not have been able to edit. That could for example, have allowed them to gain access to the contents of password protected posts.

The plugin makes the function duplicate_post_as_draft() available

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.