Vulnerabilities > Bplugins > Document Embedder > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-01 | CVE-2021-24775 | Exposure of Resource to Wrong Sphere vulnerability in Bplugins Document Embedder The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. | 5.0 |
| 2022-02-01 | CVE-2021-24868 | Exposure of Resource to Wrong Sphere vulnerability in Bplugins Document Embedder The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts. | 4.0 |