QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24840

Published: Nov 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.

Vendor	Product	Versions
Unknown	Squaretype	affected `3.0.4 - < 3.0.4`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/971302fd-4e8b-4c6a-818f-3a42c7fb83ef

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.