Lucene search
PRIOn knowledge basePRION:CVE-2021-38314HistorySep 02, 2021 - 5:15 p.m.
Design/Logic Flaw
2021-09-0217:15:00
PRIOn knowledge base
www.prio-n.com
10
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of β-reduxβ and an md5 hash of the previous hash with a known salt value of β-supportβ. These AJAX actions could be used to retrieve a list of active plugins and their versions, the siteβs PHP version, and an unsalted md5 hash of siteβs AUTH_KEY concatenated with the SECURE_AUTH_KEY.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gutenberg_template_library_\\&_redux_framework | le | 4.2.11 |
Related
wpvulndb
wpvulndb
cvelist
cvelist
githubexploit
githubexploit
nuclei
nuclei
WordPress Redux Framework <=4.2.11 - Information Disclosure
2021-09-16 14:08:12
hackerone
hackerone
MTN Group: CVE-2021-38314 @ https://www.mtn.co.rw
2021-09-26 09:17:18
MTN Group: CVE-2021-38314 @ https://www.mtn.ci
2021-09-26 09:09:53
patchstack
patchstack
nvd
nvd
CVE-2021-38314
2021-09-02 17:15:09
cve
cve
CVE-2021-38314
2021-09-02 17:15:09
osv
osv
CVE-2021-38314
2021-09-02 17:15:09
wordfence
wordfence
threatpost
threatpost
Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
2021-09-01 17:58:38
wpexploit
wpexploit
WP Mail Logging < 1.10.0 - Outdated Redux Framework
2021-11-29 00:00:00
openvas
openvas