RSS   Vulnerabilities for 'Squaretype'   RSS

2021-11-08
 
CVE-2021-24840

CWE-639
 

 
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.

 


Copyright 2024, cxsecurity.com

 

Back to Top