WP Private Content Plus Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability allowing sensitive information exposure has been identified in the WP Private Content Plus plugin for WordPress, affecting all versions through 3.6.2. The issue arises in the 'validate_restrictions' function, where unauthenticated attackers can access restricted post content on archive and feed pages.
Impact
Exploitation of this vulnerability allows unauthenticated users to access and extract sensitive information, specifically the content of restricted posts, from archive and feed pages.
Reproduction
The vulnerability can be reproduced by accessing an archive or feed page on a WordPress site with the WP Private Content Plus plugin version 3.6.2 or earlier. Unauthenticated users can then view restricted post content that should otherwise be protected.
Remediation
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
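A defensive check for the feed exposure described above, as an added example that is not part of the advisory or the plugin's code: it parses an RSS 2.0 feed and reports posts you know to be restricted whose body text still appears in it. The sample feed, the example.test URLs and the function name are constructed for illustration; in practice, pass in the feed XML retrieved from your own site without logging in.

```python
import xml.etree.ElementTree as ET

# Namespace of the <content:encoded> element that carries full post bodies in RSS feeds.
NS = {"content": "http://purl.org/rss/1.0/modules/content/"}

# Constructed sample feed (not captured from a real site).
SAMPLE_FEED = """<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
  <item>
    <title>Public post</title>
    <link>https://example.test/public-post/</link>
    <description><![CDATA[Hello world]]></description>
    <content:encoded><![CDATA[<p>Hello world</p>]]></content:encoded>
  </item>
  <item>
    <title>Members only</title>
    <link>https://example.test/members-only/</link>
    <description><![CDATA[Internal pricing]]></description>
    <content:encoded><![CDATA[<p>Internal pricing sheet</p>]]></content:encoded>
  </item>
  <item>
    <title>Staff memo</title>
    <link>https://example.test/staff-memo/</link>
    <description></description>
  </item>
</channel>
</rss>"""

def find_exposed_posts(feed_xml, restricted_links):
    """Return (link, exposed_fields) for restricted posts whose body text is in the feed."""
    restricted = {link.rstrip("/") for link in restricted_links}
    findings = []
    for item in ET.fromstring(feed_xml).iter("item"):
        link = (item.findtext("link") or "").strip().rstrip("/")
        if link not in restricted:
            continue  # only posts that are supposed to be protected matter here
        fields = {
            "description": item.findtext("description"),
            "content:encoded": item.findtext("content:encoded", namespaces=NS),
        }
        # A restricted post is exposed if any body-carrying field is non-empty.
        exposed = [name for name, text in fields.items() if text and text.strip()]
        if exposed:
            findings.append((link, exposed))
    return findings

if __name__ == "__main__":
    restricted = ["https://example.test/members-only/", "https://example.test/staff-memo/"]
    for link, fields in find_exposed_posts(SAMPLE_FEED, restricted):
        print(f"EXPOSED {link}: {', '.join(fields)}")
```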
