Vulnerability Details CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2021-24868
-
cpe:2.3:a:bplugins:document_embedder:-
-
cpe:2.3:a:bplugins:document_embedder:1.0
-
cpe:2.3:a:bplugins:document_embedder:1.1
-
cpe:2.3:a:bplugins:document_embedder:1.2
-
cpe:2.3:a:bplugins:document_embedder:1.3
-
cpe:2.3:a:bplugins:document_embedder:1.4
-
cpe:2.3:a:bplugins:document_embedder:1.7.1
-
cpe:2.3:a:bplugins:document_embedder:1.7.4
-
cpe:2.3:a:bplugins:document_embedder:1.7.5
-
cpe:2.3:a:bplugins:document_embedder:1.7.6