Lucene search

K
prionPRIOn knowledge basePRION:CVE-2021-24840
HistoryNov 08, 2021 - 6:15 p.m.

Design/Logic Flaw

2021-11-0818:15:00
PRIOn knowledge base
www.prio-n.com
3

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.

CPENameOperatorVersion
squaretypelt3.0.4

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

Related for PRION:CVE-2021-24840