CVE-2021-24677

MEDIUM

WordPress Plugin <3.4.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/40c7e424-9a97-41ab-a312-2a06b607609a

Scores

CVSS v3 5.3
EPSS 0.0121
EPSS Percentile 64.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
find_my_blocks_project/find_my_blocks < 3.4.0
Published Oct 18, 2021
Tracked Since Feb 18, 2026