The Find My Blocks WordPress plugin prior to 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
find my blocks project find my blocks |