2 matches found
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts...
CVE-2021-24868
The CVE-2021-24868 entry concerns the WordPress Document Embedder plugin prior to 1.7.9. Affected component is the plugin’s AJAX action endpoint, which can be accessed by any authenticated user (e.g., a subscriber) to enumerate the titles of private and draft posts. The root cause is an informati...