Wordpress is vulnerable to privilege escalation. An attacker with contributor privileges gets access to password-protected posts and page via one of the blocks in the WordPress editor.
github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
lists.debian.org/debian-lts-announce/2021/04/msg00017.html
security-tracker.debian.org/tracker/CVE-2021-29450
wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release
wordpress.org/news/category/security/
www.debian.org/security/2021/dsa-4896