WordPress: Unauthenticated hidden groups disclosure via Ajax groups search

Note: this issue was previously submitted to [email protected], because I did not have the rep to submit it here. That was cleared up with HackerOne, so I am now submitting the issue here, at @aaroncampbell's direction. Summary It is possible for an unauthenticated user to view the title,...