Impact
Authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions.
Patches
This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.
References
https://wordpress.org/news/category/releases/
https://hackerone.com/reports/1225282
For more information
If you have any questions or comments about this advisory:
Impact
Authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions.
Patches
This affected WordPress 5.8 beta during the testing period. It's fixed in the final 5.8 release.
References
https://wordpress.org/news/category/releases/
https://hackerone.com/reports/1225282
For more information
If you have any questions or comments about this advisory: