Vulnerabilities > Bplugins > Document Embedder

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2021-24775 Exposure of Resource to Wrong Sphere vulnerability in Bplugins Document Embedder
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
network
low complexity
bplugins CWE-668
5.0
5.0
2022-02-01 CVE-2021-24868 Exposure of Resource to Wrong Sphere vulnerability in Bplugins Document Embedder
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.
network
low complexity
bplugins CWE-668
4.0
4.0