CVE-2021-24775— Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

EPSS 0.86% · P75 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-24775

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 Document Embedder WordPress plugin 1.7.5之前版本存在安全漏洞，该漏洞允许未经身份验证的用户枚举任意私有和草稿文章的标题。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-24775

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-24775

请登录查看更多情报信息。

Same Patch Batch · n/a · 2022-02-01 · 44 CVEs total

CVE-2022-23603	9.9 CRITICAL	Code injection in iTunesRPC-Remastered
CVE-2022-23597	8.3 HIGH	Remote program execution with user interaction
CVE-2022-23602	7.7 HIGH	Nim's rst parser sandboxed mode allows include which can embed any local file
CVE-2022-23596	7.5 HIGH	Infinite loop in junrar
CVE-2022-21687	6.8 MEDIUM	Command injection in gh-ost
CVE-2021-43510		Sourcecodester Simple Client Management System SQL注入漏洞
CVE-2021-43509		Sourcecodester Simple Client Management System SQL注入漏洞
CVE-2021-38560		Ivanti Service Manager 跨站脚本漏洞
CVE-2022-24221		Elite Graphix Elite Cms SQL注入漏洞
CVE-2022-24222		Elite Graphix Elite Cms SQL注入漏洞
CVE-2022-24223		Atom CMS SQL注入漏洞
CVE-2022-24220		Elite Graphix Elite Cms SQL注入漏洞
CVE-2021-42638		PrinterLogic Web Stack 命令注入漏洞
CVE-2022-24219		Elite Graphix Elite Cms SQL注入漏洞
CVE-2021-46253		Anchor 跨站脚本漏洞
CVE-2021-45416		RosarioSis 跨站脚本漏洞
CVE-2021-24926		Domain Check < 1.0.17 - Reflected Cross-Site Scripting
CVE-2021-24919		Wicked Folders < 2.18.10 - Subscriber+ SQL Injection
CVE-2021-24868		Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
CVE-2021-24814		WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

Showing top 20 of 44 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-24775

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-24775— Document Embedder < 1.7.5 - Unauthenticated Arbitrary Private/Draft Post Title Disclosure

I. Basic Information for CVE-2021-24775

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-24775

III. Intelligence Information for CVE-2021-24775

Same Patch Batch · n/a · 2022-02-01 · 44 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-24775

Leave a comment