PT-2021-16151 · WordPress · Visual Link Preview
Author: Apple502J · Published 2021-09-20 · Updated 2022-10-25
CVE-2021-24635
CVSS v2.0: 5.5 (Medium), Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Visual Link Preview WordPress plugin versions prior to 2.2.3
Description
The issue allows any authenticated user to call several AJAX actions without proper authorization, because the CSRF nonce that guards them is exposed to all authenticated users (and a nonce only proves intent, not permission). This enables low-privileged users to perform actions including:
- Getting and searching through the title and content of draft posts
- Getting the title of a password-protected post
- Uploading an image from a URL
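The pattern behind this advisory, as an added illustration that is not the plugin's own code: a WordPress AJAX handler that trusts the nonce alone, beside a version that also checks an object-level capability. All function, action and nonce names (`example_*`) are hypothetical.

```php
<?php
// Hypothetical handlers illustrating the advisory's bug class (added example,
// not the Visual Link Preview plugin's code). Both run under admin-ajax.php,
// which loads the media include files that media_sideload_image() needs.

// Vulnerable pattern: only the CSRF nonce is verified. Since the nonce is
// printed for every logged-in user, a subscriber passes this check and can
// read the title of a draft or password-protected post.
function example_ajax_post_title_vulnerable() {
    check_ajax_referer( 'example_preview_nonce', 'nonce' );
    $post = get_post( absint( $_POST['post_id'] ?? 0 ) );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array( 'title' => $post->post_title ) );
}

// Hardened pattern: keep the nonce (anti-CSRF) and add an authorization
// check. 'edit_post' is a meta capability resolved per post: subscribers
// fail it for every post, authors pass it only for their own posts.
function example_ajax_post_title_fixed() {
    check_ajax_referer( 'example_preview_nonce', 'nonce' );
    $post_id = absint( $_POST['post_id'] ?? 0 );
    $post    = get_post( $post_id );
    if ( ! $post || ! current_user_can( 'edit_post', $post_id ) ) {
        // Same response for "missing" and "forbidden" avoids confirming drafts exist.
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array( 'title' => $post->post_title ) );
}
// Registered only via wp_ajax_ (never wp_ajax_nopriv_), so anonymous
// requests cannot reach the handler at all.
add_action( 'wp_ajax_example_post_title', 'example_ajax_post_title_fixed' );

// Image-from-URL action: gate on the upload_files capability, and validate
// the URL before the server fetches it.
function example_ajax_sideload_fixed() {
    check_ajax_referer( 'example_preview_nonce', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $url = esc_url_raw( wp_unslash( $_POST['url'] ?? '' ) );
    if ( '' === $url || ! wp_http_validate_url( $url ) ) {
        wp_send_json_error( 'bad url', 400 );
    }
    $id = media_sideload_image( $url, 0, null, 'id' );
    if ( is_wp_error( $id ) ) {
        wp_send_json_error( $id->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'attachment_id' => $id ) );
}
add_action( 'wp_ajax_example_sideload', 'example_ajax_sideload_fixed' );
```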
Recommendations
For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.
Improper Access Control
Missing Authorization
Related Identifiers
Affected Products
Visual Link Preview