Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24840
HistoryNov 08, 2021 - 5:35 p.m.

CVE-2021-24840 Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

2021-11-0817:35:33
CWE-639
WPScan
www.cve.org

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.

CNA Affected

[
  {
    "product": "Squaretype",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.0.4",
        "status": "affected",
        "version": "3.0.4",
        "versionType": "custom"
      }
    ]
  }
]

5.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

Related for CVELIST:CVE-2021-24840