Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
When logged in as a subscriber, open the following URL and note that the content of password protected posts is displayed : https://example.com/wp-admin/admin-ajax.php?action=irp_list_posts