Beware! A threat actor could steal the titles of your private (and draft) WordPress posts! | Imperva

A vulnerability in WordPress allows threat actors to steal private and draft post titles using XMLRPC payloads. The attack exploits the pingback feature, enabling attackers to search for specific strings in all post titles, including private and draft ones. To protect against this threat, update your WordPress site to the latest version and disable the XMLRPC endpoint if not in use.
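A defender-side sketch of watching for this kind of pingback activity, added here as an example and not taken from the Imperva write-up: it tallies `pingback.ping` calls per client from captured `/xmlrpc.php` POST bodies, including calls wrapped in `system.multicall`. The sample requests, IP addresses, function names and threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _ping(source, target):
    # Constructed pingback.ping request body (sourceURI, targetURI).
    return ("<?xml version='1.0'?><methodCall><methodName>pingback.ping</methodName>"
            f"<params><param><value><string>{source}</string></value></param>"
            f"<param><value><string>{target}</string></value></param></params></methodCall>")

# Constructed sample capture: (client IP, POST body sent to /xmlrpc.php).
SAMPLE_REQUESTS = (
    [("203.0.113.7", _ping(f"https://a.example/{i}", "https://blog.example/?p=1")) for i in range(6)]
    + [("198.51.100.4", _ping("https://friend.example/post", "https://blog.example/?p=2"))]
    + [("198.51.100.9", "<methodCall><methodName>wp.getUsersBlogs</methodName><params/></methodCall>")]
    + [("192.0.2.50", "<!DOCTYPE x [<!ENTITY a 'b'>]><methodCall/>")]
)

def method_names(body):
    """Return the XML-RPC method names in a request body, unwrapping system.multicall."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not expected in XML-RPC")
    root = ET.fromstring(body)
    names = [root.findtext("methodName", default="").strip()]
    if names[0] == "system.multicall":
        # Each wrapped call is a struct with a 'methodName' member.
        for member in root.iter("member"):
            value = member.find("value")
            if member.findtext("name") == "methodName" and value is not None:
                names.append("".join(value.itertext()).strip())
    return names

def flag_pingback_sources(requests, threshold=5):
    """Return ({client: ping count} above threshold, [clients with rejected bodies])."""
    pings, rejected = Counter(), []
    for client, body in requests:
        try:
            names = method_names(body)
        except (ValueError, ET.ParseError):
            rejected.append(client)  # malformed or DTD-bearing body: review separately
            continue
        pings[client] += names.count("pingback.ping")
    return {c: n for c, n in pings.items() if n > threshold}, rejected

if __name__ == "__main__":
    print(flag_pingback_sources(SAMPLE_REQUESTS))
```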
