2021-10-18 13:45:57
WPScan
PUBLISHED
The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts titles.