CVE-2021-24677

Find My Blocks < 3.4.0 - Private Post Titles Disclosure

EPSS 1.2%CWE-862

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

Productos afectados

Unknown · Find My Blocks

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a