4 matches found
CVE-2021-24840
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...
CVE-2021-24840
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...
CVE-2021-24840 Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the queryvars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request...
CVE-2021-24840
The CVE-2021-24840 entry affects the Squaretype WordPress theme prior to version 3.0.4. The vulnerability allows unauthenticated users to manipulate the query_vars used to fetch posts in a REST endpoint, enabling disclosure of private and scheduled posts. This is demonstrated by published PoCs (e...