Search criteria
2 vulnerabilities found for AutomatorWP by Unknown
CVE-2021-24717 (GCVE-0-2021-24717)
Vulnerability from nvd – Published: 2021-11-01 08:46 – Updated: 2024-08-03 19:42
VLAI
Title
AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation
Summary
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5916ea42-eb33-46… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AutomatorWP |
Affected:
1.7.6 , < 1.7.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AutomatorWP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.6",
"status": "affected",
"version": "1.7.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:46:10.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AutomatorWP \u003c 1.7.6 - Missing Authorization and Privilege Escalation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24717",
"STATE": "PUBLIC",
"TITLE": "AutomatorWP \u003c 1.7.6 - Missing Authorization and Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AutomatorWP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.6",
"version_value": "1.7.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24717",
"datePublished": "2021-11-01T08:46:11.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24717 (GCVE-0-2021-24717)
Vulnerability from cvelistv5 – Published: 2021-11-01 08:46 – Updated: 2024-08-03 19:42
VLAI
Title
AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation
Summary
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.
Severity
No CVSS data available.
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/5916ea42-eb33-46… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AutomatorWP |
Affected:
1.7.6 , < 1.7.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AutomatorWP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.7.6",
"status": "affected",
"version": "1.7.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T08:46:10.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AutomatorWP \u003c 1.7.6 - Missing Authorization and Privilege Escalation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24717",
"STATE": "PUBLIC",
"TITLE": "AutomatorWP \u003c 1.7.6 - Missing Authorization and Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AutomatorWP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.7.6",
"version_value": "1.7.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24717",
"datePublished": "2021-11-01T08:46:11.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}