Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 9:5 p.m.7 views

CVE-2021-24840

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.3CVSS6.7AI score0.01131EPSS
Exploits2References1
nvd
nvd
added 2021/11/08 6:15 p.m.20 views

CVE-2021-24840

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.3CVSS0.01131EPSS
Exploits2References1
cvelist
cvelist
added 2021/11/08 5:35 p.m.21 views

CVE-2021-24840 Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...

5.5AI score0.01131EPSS
Exploits2References1
cve
cve
added 2021/11/08 5:35 p.m.46 views

CVE-2021-24840

The CVE-2021-24840 entry affects the Squaretype WordPress theme prior to version 3.0.4. The vulnerability allows unauthenticated users to manipulate the query_vars used to fetch posts in a REST endpoint, enabling disclosure of private and scheduled posts. This is demonstrated by published PoCs (e...

5.3CVSS5.1AI score0.01131EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder