CVE-2021-24677

Find My Blocks < 3.4.0 - Private Post Titles Disclosure

EPSS 1.2%CWE-862

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Oct 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

Affected products

Unknown · Find My Blocks

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a