CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2021-24742 (GCVE-0-2021-24742)
Vulnerability from cvelistv5 – Published: 2021-11-01 08:46 – Updated: 2024-08-03 19:42
VLAI
Title
Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update
Summary
The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/8dfc86e4-56a0-4e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Logo Slider and Showcase | Affected: 1.3.37, < 1.3.37 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Logo Slider and Showcase",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.37",
"status": "affected",
"version": "1.3.37",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin\u0027s settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:46:15.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Logo Slider and Showcase \u003c 1.3.37 - Editor Plugin\u0027s Settings Update",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24742",
"STATE": "PUBLIC",
"TITLE": "Logo Slider and Showcase \u003c 1.3.37 - Editor Plugin\u0027s Settings Update"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Logo Slider and Showcase",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.3.37",
"version_value": "1.3.37"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin\u0027s settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24742",
"datePublished": "2021-11-01T08:46:15.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24757 (GCVE-0-2021-24757)
Vulnerability from cvelistv5 – Published: 2021-11-01 08:46 – Updated: 2024-08-03 19:42
VLAI
Title
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
Summary
The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/352a9e05-2d5f-4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Stylish Price List | Affected: 6.9.0, < 6.9.0 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Stylish Price List",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.9.0",
"status": "affected",
"version": "6.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:46:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stylish Price List \u003c 6.9.0 - Unauthenticated Arbitrary Image Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24757",
"STATE": "PUBLIC",
"TITLE": "Stylish Price List \u003c 6.9.0 - Unauthenticated Arbitrary Image Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Stylish Price List",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.9.0",
"version_value": "6.9.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/352a9e05-2d5f-4bf7-8da9-85621fb15d91"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24757",
"datePublished": "2021-11-01T08:46:17.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24770 (GCVE-0-2021-24770)
Vulnerability from cvelistv5 – Published: 2021-11-01 08:46 – Updated: 2024-08-03 19:42
VLAI
Title
Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
Summary
The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/4365c813-4bd7-4c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Stylish Price List | Affected: 6.9.1, < 6.9.1 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Stylish Price List",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.9.1",
"status": "affected",
"version": "6.9.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:46:18.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stylish Price List \u003c 6.9.1 - Subscriber+ Arbitrary Image Upload",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24770",
"STATE": "PUBLIC",
"TITLE": "Stylish Price List \u003c 6.9.1 - Subscriber+ Arbitrary Image Upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Stylish Price List",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.9.1",
"version_value": "6.9.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/4365c813-4bd7-4c7c-a15b-ef9a42d32b26"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24770",
"datePublished": "2021-11-01T08:46:18.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24783 (GCVE-0-2021-24783)
Vulnerability from cvelistv5 – Published: 2021-11-08 17:35 – Updated: 2024-08-03 19:42
VLAI
Title
Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion
Summary
The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/de51b970-ab13-41… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Post Expirator: Automatically Unpublish WordPress Posts | Affected: 2.6.0, < 2.6.0 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/de51b970-ab13-41a6-a479-a92cd0e70b71"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Post Expirator: Automatically Unpublish WordPress Posts",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T17:35:19.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/de51b970-ab13-41a6-a479-a92cd0e70b71"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Post Expirator \u003c 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24783",
"STATE": "PUBLIC",
"TITLE": "Post Expirator \u003c 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Post Expirator: Automatically Unpublish WordPress Posts",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.6.0",
"version_value": "2.6.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/de51b970-ab13-41a6-a479-a92cd0e70b71",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/de51b970-ab13-41a6-a479-a92cd0e70b71"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24783",
"datePublished": "2021-11-08T17:35:19.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24788 (GCVE-0-2021-24788)
Vulnerability from cvelistv5 – Published: 2021-11-08 17:35 – Updated: 2024-08-03 19:42
VLAI
Title
Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
Summary
The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/f8fdff8a-f158-46… | x_refsource_MISC |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Batch Cat",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.3",
"status": "affected",
"version": "0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Quentin VILLAIN (3wsec)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T17:35:20.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Batch Cat \u003c= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24788",
"STATE": "PUBLIC",
"TITLE": "Batch Cat \u003c= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Batch Cat",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0.3",
"version_value": "0.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Quentin VILLAIN (3wsec)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f8fdff8a-f158-46e8-94f1-f051a6c5608b"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24788",
"datePublished": "2021-11-08T17:35:20.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24819 (GCVE-0-2021-24819)
Vulnerability from cvelistv5 – Published: 2021-12-13 10:41 – Updated: 2024-08-03 19:42
VLAI
Title
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
Summary
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c97b218c-b430-43… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Page/Post Content Shortcode | Affected: 1.0, ≤ 1.0 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c97b218c-b430-4301-884f-f64d0dd08f07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Page/Post Content Shortcode",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T10:41:02.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/c97b218c-b430-4301-884f-f64d0dd08f07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Page/Post Content Shortcode \u003c= 1.0 - Contributor+ Arbitrary Posts/Pages Access",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24819",
"STATE": "PUBLIC",
"TITLE": "Page/Post Content Shortcode \u003c= 1.0 - Contributor+ Arbitrary Posts/Pages Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Page/Post Content Shortcode",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Francesco Carlucci"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c97b218c-b430-4301-884f-f64d0dd08f07",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/c97b218c-b430-4301-884f-f64d0dd08f07"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24819",
"datePublished": "2021-12-13T10:41:02.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24824 (GCVE-0-2021-24824)
Vulnerability from cvelistv5 – Published: 2022-03-07 08:16 – Updated: 2024-08-03 19:42
VLAI
Title
Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access
Summary
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/7b4d4675-6089-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Custom Content Shortcode | Affected: 4.0.1, < 4.0.1 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Custom Content Shortcode",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "4.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T08:16:03.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Custom Content Shortcode \u003c 4.0.1 - Unauthorised Arbitrary Post Metadata Access",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24824",
"STATE": "PUBLIC",
"TITLE": "Custom Content Shortcode \u003c 4.0.1 - Unauthorised Arbitrary Post Metadata Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Custom Content Shortcode",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0.1",
"version_value": "4.0.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Francesco Carlucci"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7b4d4675-6089-4435-9b56-31496adc4767"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24824",
"datePublished": "2022-03-07T08:16:03.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24851 (GCVE-0-2021-24851)
Vulnerability from cvelistv5 – Published: 2021-11-17 10:15 – Updated: 2024-08-03 19:42
VLAI
Title
Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
Summary
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/919e67a1-3a50-49… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2614… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Insert Pages | Affected: 3.7.0, < 3.7.0 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/919e67a1-3a50-4940-bb4f-5c5cc2017a83"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2614442/insert-pages"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Insert Pages",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.7.0",
"status": "affected",
"version": "3.7.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T10:15:53.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/919e67a1-3a50-4940-bb4f-5c5cc2017a83"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2614442/insert-pages"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insert Pages \u003c 3.7.0 - Contributor+ Arbitrary Posts/Pages Access",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24851",
"STATE": "PUBLIC",
"TITLE": "Insert Pages \u003c 3.7.0 - Contributor+ Arbitrary Posts/Pages Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insert Pages",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.7.0",
"version_value": "3.7.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Francesco Carlucci"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/919e67a1-3a50-4940-bb4f-5c5cc2017a83",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/919e67a1-3a50-4940-bb4f-5c5cc2017a83"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2614442/insert-pages",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2614442/insert-pages"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24851",
"datePublished": "2021-11-17T10:15:54.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24872 (GCVE-0-2021-24872)
Vulnerability from cvelistv5 – Published: 2021-12-13 10:41 – Updated: 2024-08-03 19:49
Title
Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
Summary
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating permissions; e.g. Contributors can read the metadata of Administrators' posts.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ec23734a-5ea7-4e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Get Custom Field Values |
Affected:
4.0 , < 4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:14.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ec23734a-5ea7-4e46-aba9-3dee4e6dffb6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Get Custom Field Values",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T10:41:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ec23734a-5ea7-4e46-aba9-3dee4e6dffb6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Get Custom Field Values \u003c 4.0 - Contributors+ Arbitrary Post Metadata Access",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24872",
"STATE": "PUBLIC",
"TITLE": "Get Custom Field Values \u003c 4.0 - Contributors+ Arbitrary Post Metadata Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Get Custom Field Values",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Francesco Carlucci"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ec23734a-5ea7-4e46-aba9-3dee4e6dffb6",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ec23734a-5ea7-4e46-aba9-3dee4e6dffb6"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24872",
"datePublished": "2021-12-13T10:41:16.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:14.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24905 (GCVE-0-2021-24905)
Vulnerability from cvelistv5 – Published: 2022-03-21 18:55 – Updated: 2024-08-03 19:49
Title
Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion
Summary
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 has neither authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing wp-config.php lets an attacker trigger the WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to users.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/cf022415-6614-4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Advanced Contact form 7 DB |
Affected:
1.8.7 , < 1.8.7
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advanced Contact form 7 DB",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.8.7",
"status": "affected",
"version": "1.8.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T18:55:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Advanced Contact form 7 DB \u003c 1.8.7 - Subscriber+ Arbitrary File Deletion",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24905",
"STATE": "PUBLIC",
"TITLE": "Advanced Contact form 7 DB \u003c 1.8.7 - Subscriber+ Arbitrary File Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Contact form 7 DB",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.8.7",
"version_value": "1.8.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cf022415-6614-4b95-913b-802186766ae6"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24905",
"datePublished": "2022-03-21T18:55:37.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:49:13.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
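The AJAX-action findings on this page share one root cause: a nonce is treated as the role boundary. The following is an added example, not code from any of the plugins listed above; the handler names (acme_*), the nonce action and the export directory are assumptions, while the WordPress functions are real core APIs. It shows the nonce-only handler beside one that enforces the role boundary with a capability check and confines the file argument.

```php
<?php
// Added example, not code from any plugin on this page. The handler names
// (acme_*), the nonce action 'acme_export' and the 'acme-exports' directory
// are assumptions; the WordPress functions used are real core APIs.

// VULNERABLE: the nonce only proves the request came from a page WordPress
// rendered for *some* logged-in user. It is a CSRF token, not an
// authorization check: every role that can load wp-admin holds a valid
// nonce, and the file argument is never confined to a directory.
function acme_ajax_delete_export_vulnerable() {
    check_ajax_referer( 'acme_export', 'nonce' );
    $file = ABSPATH . wp_unslash( $_POST['file'] ); // '../wp-config.php' works here
    unlink( $file );
    wp_send_json_success();
}

// HARDENED: three independent checks, each stopping a different attack.
function acme_ajax_delete_export() {
    // 1. CSRF: the request originated from a page we rendered for this user.
    check_ajax_referer( 'acme_export', 'nonce' );

    // 2. Vertical authorization at the role boundary. Map the action to a
    //    capability rather than a role name; 'manage_options' is granted to
    //    Administrators by default. wp_send_json_error() calls wp_die(), so
    //    nothing below runs when the check fails.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Confine the file argument to the plugin's own export directory.
    //    sanitize_file_name() strips directory separators and trims dots,
    //    and the realpath() comparison rejects anything that still resolves
    //    outside the directory (or is not a regular file).
    $name = isset( $_POST['file'] ) ? sanitize_file_name( wp_unslash( $_POST['file'] ) ) : '';
    $root = realpath( trailingslashit( wp_upload_dir()['basedir'] ) . 'acme-exports' );
    $path = ( '' !== $name && false !== $root ) ? realpath( $root . DIRECTORY_SEPARATOR . $name ) : false;
    if ( false === $path || dirname( $path ) !== $root || ! is_file( $path ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    wp_delete_file( $path );
    wp_send_json_success( array( 'deleted' => basename( $path ) ) );
}

// Register for logged-in users only. Never add a wp_ajax_nopriv_ hook
// for a privileged action.
add_action( 'wp_ajax_acme_delete_export', 'acme_ajax_delete_export' );
```

The capability check is the RBAC boundary this mitigation describes, and it is still only vertical: every user holding `manage_options` can delete every export. If exports belong to individual users, the handler must additionally compare the file's stored owner with `get_current_user_id()`, which is the horizontal check the note above says RBAC alone does not give you.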
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
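The two "Contributor+ arbitrary post access" records above are this mitigation in WordPress terms: the role check (may this user write posts?) passed, but no check was made against the business object (may this user read *that* post?). The block below is an added example, not code from the Insert Pages or Get Custom Field Values plugins; the shortcode tag and function names are assumptions, the WordPress functions are real core APIs.

```php
<?php
// Added example, not code from the Insert Pages or Get Custom Field Values
// plugins. The shortcode tag [acme_embed id="..." meta="..."] and the
// function names are assumptions; the WordPress functions are core APIs.

// VULNERABLE: the role check is implicit (only users who can write posts
// can place a shortcode) and there is no check on the *target* post. A
// Contributor who puts [acme_embed id="123"] into their own draft and
// previews it receives the content and metadata of post 123 regardless
// of its author or status.
function acme_embed_shortcode_vulnerable( $atts ) {
    $post = get_post( (int) $atts['id'] );
    $meta = get_post_meta( $post->ID, $atts['meta'], true );
    return apply_filters( 'the_content', $post->post_content ) . esc_html( $meta );
}

// HARDENED: authorize the business object (this post, for this viewer),
// not just the role.
function acme_embed_shortcode( $atts ) {
    $atts    = shortcode_atts( array( 'id' => 0, 'meta' => '' ), $atts, 'acme_embed' );
    $post_id = absint( $atts['id'] );
    $post    = $post_id ? get_post( $post_id ) : null;
    if ( ! $post ) {
        return '';
    }

    // Object-level check. map_meta_cap() turns 'read_post' into the right
    // primitive for this post's status, author and type: a published post
    // needs 'read', another author's private post needs 'read_private_posts',
    // another author's draft needs 'edit_others_posts'. Contributors hold
    // neither of the last two; Editors hold both.
    if ( ! current_user_can( 'read_post', $post->ID ) ) {
        return '';
    }

    // A separate gate the role system knows nothing about.
    if ( post_password_required( $post ) ) {
        return get_the_password_form( $post );
    }

    $out = apply_filters( 'the_content', $post->post_content );

    // Metadata has its own policy: keys starting with '_' are internal, and
    // is_protected_meta() lets plugins register further protected keys.
    $key = sanitize_text_field( $atts['meta'] );
    if ( '' !== $key && ! is_protected_meta( $key, 'post' ) ) {
        $value = get_post_meta( $post->ID, $key, true );
        if ( is_scalar( $value ) ) {
            $out .= '<span class="acme-meta">' . esc_html( (string) $value ) . '</span>';
        }
    }
    return $out;
}
add_shortcode( 'acme_embed', 'acme_embed_shortcode' );
```

Because `current_user_can()` is evaluated for whoever is rendering the page, the same check also stops the embedded post from leaking to anonymous visitors once the wrapping post is published: a private target simply renders as nothing for them.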
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
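For WordPress, the framework construct that plays the role the two preceding mitigations assign to JAAS or ESAPI is the REST API's mandatory `permission_callback`: the check is attached to the endpoint itself, so it runs on every request regardless of which page links to it. The block below is an added example, not code from any plugin on this page; the namespace, route and function names are assumptions, the REST functions are real core APIs. It also sets the no-cache headers the paragraph above asks for.

```php
<?php
// Added example, not code from any plugin on this page. The namespace
// 'acme/v1', the route and the function names are assumptions; the REST
// API functions are real WordPress core APIs.

add_action( 'rest_api_init', function () {
    register_rest_route( 'acme/v1', '/reports/(?P<id>\d+)', array(
        'methods'  => WP_REST_Server::READABLE,
        'callback' => 'acme_rest_get_report',
        // The framework refuses to run the callback until this returns true.
        // The check is bound to the endpoint, so it applies no matter which
        // page, script or curl command reaches it. Never put '__return_true'
        // here for anything that is not genuinely public.
        'permission_callback' => 'acme_rest_can_read_report',
        'args' => array(
            'id' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) { return is_numeric( $value ); },
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );

function acme_rest_can_read_report( WP_REST_Request $request ) {
    // Cookie sessions are only honoured when the request also carries a
    // valid X-WP-Nonce header; otherwise WordPress treats it as anonymous,
    // so a cross-site request fails closed here.
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_unauthorized', 'Authentication required.', array( 'status' => 401 ) );
    }
    // Object-level decision: not "is this an Editor" but "may this user read
    // this post". A non-existent ID is refused by map_meta_cap() as well.
    if ( ! current_user_can( 'read_post', (int) $request['id'] ) ) {
        return new WP_Error( 'rest_forbidden', 'You may not read this report.', array( 'status' => 403 ) );
    }
    return true;
}

function acme_rest_get_report( WP_REST_Request $request ) {
    $post = get_post( (int) $request['id'] );
    if ( ! $post ) {
        return new WP_Error( 'rest_not_found', 'No such report.', array( 'status' => 404 ) );
    }
    $response = rest_ensure_response( array(
        'id'      => $post->ID,
        'title'   => get_the_title( $post ),
        'content' => $post->post_content,
    ) );
    // Per-user, sensitive output must not be served from a shared cache.
    foreach ( wp_get_nocache_headers() as $name => $value ) {
        $response->header( $name, $value );
    }
    return $response;
}
```

The point to audit for is the split: authentication and the object-level decision live in `permission_callback`, the handler assumes nothing about who is calling, and nothing in the admin UI is relied on to hide the URL.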
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.