exploitDog

CVE-2021-24868

Опубликовано: 01 фев. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.

Ссылки

https://wpscan.com/vulnerability/45a43927-a427-46bc-9c61-e0b8532c8138
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/45a43927-a427-46bc-9c61-e0b8532c8138
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bplugins:document_embedder:*:*:*:*:*:wordpress:*:*

Версия до 1.7.9 (исключая)

EPSS

Процентиль: 50%

0.00274

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-2vc5-r994-6g7m

github

около 4 лет назад

The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.

EPSS

Процентиль: 50%

0.00274

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-668