CVE-2021-24661 (GCVE-0-2021-24661)

Vulnerability from cvelistv5 – Published: 2021-09-27 15:25 – Updated: 2024-08-03 19:42
VLAI
Title
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Private Content Disclosure
Summary
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown PostX – Gutenberg Blocks for Post Grid Affected: 2.4.10 , < 2.4.10 (custom)
Create a notification for this product.
Credits
apple502j
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:42:16.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostX \u2013 Gutenberg Blocks for Post Grid",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.4.10",
              "status": "affected",
              "version": "2.4.10",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "apple502j"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-27T15:25:35.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Private Content Disclosure",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24661",
          "STATE": "PUBLIC",
          "TITLE": "PostX Gutenberg Blocks Saved Templates Addon \u003c 2.4.10 - Private Content Disclosure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostX \u2013 Gutenberg Blocks for Post Grid",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.4.10",
                            "version_value": "2.4.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "apple502j"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24661",
    "datePublished": "2021-09-27T15:25:35.000Z",
    "dateReserved": "2021-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:42:16.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-24661",
      "date": "2026-05-26",
      "epss": "0.00237",
      "percentile": "0.46756"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24661\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-09-27T16:15:09.053\",\"lastModified\":\"2024-11-21T05:53:30.823\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The PostX \u2013 Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.\"},{\"lang\":\"es\",\"value\":\"El plugin PostX - Gutenberg Blocks for Post Grid de WordPress versiones anteriores a 2.4.10, con el Complemento de Plantillas Guardadas habilitado, permite a usuarios con roles de Contribuyente o superiores leer contenidos de publicaciones protegidas por contrase\u00f1a o privadas que el usuario no puede leer de otra manera, dado el ID de la publicaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:N/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wpxpo:postx_-_gutenberg_blocks_for_post_grid:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"2.4.10\",\"matchCriteriaId\":\"E1287874-AD93-449E-8275-E11B370C69AC\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/8d966ff1-9c88-43c7-8f4b-93c88e214677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.