WordPress Plugin Vulnerabilities

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

Description

The plugin contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.

Proof of Concept

https://example.com/wp-json/doc/v1/single/509 (509 being the ID of a private/draft Post)

Affects Plugins

Plugin icon
document-emberdder
Fixed in 1.7.5

References

CVE
CVE-2021-24775

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
c6f24afe-d273-4f87-83ca-a791a385b06b

Timeline

Publicly Published
2022-01-03 (about 2 years ago)
Added
2022-01-03 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2023-12-29
Title
Image Source Control < 2.17.1 - Sensitive Information Exposure via Log File
Published
2022-01-03
Title
Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
Published
2021-03-26
Title
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
Published
2023-10-09
Title
Image Regenerate & Select Crop < 7.3.1 - Sensitive Information Exposure
Published
2023-01-27
Title
ContentStudio < 1.2.6 - Nonce Disclosure