CVE-2021-24840

Name of the Vulnerable Software and Affected Versions: Squaretype WordPress theme version 3.0.3 and earlier

Description: The issue allows unauthenticated users to manipulate the query vars used to retrieve posts to display in one of its REST endpoints, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.

Recommendations: For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoint until the update is applied.