CVE-2021-24775: Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
First published: Tue Feb 01 2022(Updated: )
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bplugins Document Embedder | <1.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-24775?
CVE-2021-24775 is a vulnerability in the Document Embedder WordPress plugin before version 1.7.5.
What is the severity of CVE-2021-24775?
The severity of CVE-2021-24775 is medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2021-24775?
An unauthenticated attacker can exploit CVE-2021-24775 by using the REST endpoint in the Document Embedder WordPress plugin to enumerate the title of arbitrary private and draft posts.
What is the affected software?
The affected software is the Document Embedder WordPress plugin before version 1.7.5.
Is there a fix for CVE-2021-24775?
Yes, updating the Document Embedder WordPress plugin to version 1.7.5 or later will fix CVE-2021-24775.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/title
- agent/description
- agent/references
- agent/first-publish-date
- agent/severity
- agent/event
- agent/tags
- agent/source
- vendor/bplugins
- canonical/bplugins document embedder