PT-2021-16311 · WordPress · Get Post Content Shortcode
Francesco Carlucci
·
Published
2021-12-13
·
Updated
2021-12-16
·
CVE-2021-24819
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Page/Post Content Shortcode WordPress plugin version 1.0
Description:
The issue allows users with a role as low as contributor to access draft, private, password protected, and trashed posts and pages they should not be allowed to, including those created by other users such as admins and editors.
Recommendations:
For Page/Post Content Shortcode WordPress plugin version 1.0, consider updating the plugin to a version that properly implements authorization to restrict access to sensitive content. As a temporary workaround, consider restricting the role of contributors to prevent them from accessing unauthorized posts and pages until a patch is available.
Exploit
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Get Post Content Shortcode