vulnerability
WordPress Plugin: find-my-blocks: CVE-2021-24677: Missing Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Sep 15, 2021 | May 15, 2025 | May 4, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 15, 2021
Added
May 15, 2025
Modified
May 4, 2026
Description
The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.
Solution
find-my-blocks-plugin-cve-2021-24677
References
- https://www.cve.org/CVERecord?id=CVE-2021-24677
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a8a202-e44a-4874-9e7a-c8224edd8591?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-11589
- CVE-2021-24677
- https://attackerkb.com/topics/CVE-2021-24677
- CWE-862
- EUVD-EUVD-2021-11589
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.