CVE-2021-24677

Exploit

EPSS 0.64%
Veröffentlicht 18.10.2021 14:15:09
Zuletzt bearbeitet 21.11.2024 05:53:32
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Find My Blocks < 3.4.0 - Sensitive Information Disclosure

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

Mögliche Gegenmaßnahme

Find My Blocks – Locate blocks on your site: Update to version 3.4.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Find My Blocks – Locate blocks on your site

Version [*, 3.4.0)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Find My Blocks Project ≫ Find My Blocks SwPlatformwordpress Version < 3.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.64%	0.697

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a8a202-e44a-4874-9e7a-c8224edd8591

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-24677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-24677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-24677

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-24677