exploitDog

CVE-2021-24677

Опубликовано: 18 окт. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

Ссылки

https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:find_my_blocks_project:find_my_blocks:*:*:*:*:*:wordpress:*:*

Версия до 3.4.0 (исключая)

EPSS

Процентиль: 70%

0.00642

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-8r7r-rv2m-h23v

github

больше 3 лет назад

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

EPSS

Процентиль: 70%

0.00642

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

CWE-862