VYPR

Squaretype

by WordPress

CVEs (1)

  • CVE-2021-24840MedNov 8, 2021
    risk 0.35cvss 5.3epss 0.01

    The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.