Описание
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.5 (исключая)
cpe:2.3:a:bplugins:document_embedder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 69%
0.00619
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-668
Связанные уязвимости
github
около 4 лет назад
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
EPSS
Процентиль: 69%
0.00619
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-668