Lucene search
Apple502jWPVDB-ID:C6F24AFE-D273-4F87-83CA-A791A385B06BHistoryJan 03, 2022 - 12:00 a.m.
Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
2022-01-0300:00:00
apple502j
wpscan.com
10
0.001 Low
EPSS
Percentile
45.9%
The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
PoC
https://example.com/wp-json/doc/v1/single/509 (509 being the ID of a private/draft Post)
| CPE | Name | Operator | Version |
|---|---|---|---|
| document-emberdder | lt | 1.7.5 |
Related
wpexploit
wpexploit
cve
cve
CVE-2021-24775
2022-02-01 13:15:08
nvd
nvd
CVE-2021-24775
2022-02-01 13:15:08
cnvd
cnvd
WordPress Document Embedder plugin information leakage vulnerability
2022-03-11 00:00:00
cvelist
cvelist
patchstack
patchstack
prion
prion
Design/Logic Flaw
2022-02-01 13:15:00