CVE-2021-24677

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles...

CVE-2021-24775

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...

WordPress Document Embedder plugin title enumeration vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Document Embedder WordPress plugin prior to version 1.7.9 is vulnerable to a title enumeration vulnerability, which stems from the fact that the plugin includes an AJAX operation endpoint that can be...

WordPress 安全漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Document Embedder WordPress plugin prior to version 1.7.9 is vulnerable to a title enumeration vulnerability, which stems from the fact that the plugin includes an AJAX operation endpoint that can be...

Shopify: Unauthenticated access to details of hidden products in any shop via title emuneration

This issue allows external unauthenticated attacker to bypass password protection of currently unopened "Opening Soon" stage stores and obtain full description of products considering they know/enumerate the title of the product and the product has been published. It could be used to obtain...