1. CVE-Search
  2. CVE-2021-24840
ID CVE-2021-24840
Summary The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.
References
Vulnerable Configurations
  • cpe:2.3:a:codesupply:squaretype:-:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:-:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:1.0.0:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:1.0.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:1.0.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:1.0.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:1.0.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:1.0.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:1.0.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:1.0.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:1.0.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:1.0.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:1.0.5:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:1.0.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.0:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.5:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.6:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.7:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.8:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.8:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.0.9:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.0.9:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.1.0:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.1.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.1.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.1.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.1.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.1.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:2.1.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:2.1.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:3.0.0:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:3.0.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:3.0.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:3.0.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:3.0.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:3.0.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:codesupply:squaretype:3.0.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:codesupply:squaretype:3.0.3:*:*:*:*:wordpress:*:*
CVSS
Base: 5.0 (as of 13-11-2021 - 04:03)
Impact:
Exploitability:
CWE CWE-639
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 13-11-2021 - 04:03
Published 08-11-2021 - 18:15
Last modified 13-11-2021 - 04:03
Back to Top