CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24868 – Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
https://notcve.org/view.php?id=CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. El plugin Document Embedder de WordPress versiones anteriores a 1.7.9, contiene un endpoint de acción AJAX, que podría permitir a cualquier usuario autenticado, como el suscriptor, enumerar el título de publicaciones privadas y borradores arbitrarios • https://wpscan.com/vulnerability/45a43927-a427-46bc-9c61-e0b8532c8138 • CWE-285: Improper Authorization CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24775 – Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure
https://notcve.org/view.php?id=CVE-2021-24775
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. El plugin Document Embedder de WordPress versiones anteriores a 1.7.5, contiene un endpoint REST, que podría permitir a usuarios no autenticados enumerar el título de publicaciones privadas y borradores arbitrarios The Document Embedder WordPress plugin before 1.7.6 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. • https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •