WordPress Plugin Vulnerabilities
Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
Description
The plugin's shortcode accepts attributes that select the post_type and post_status of the content it includes, and it does not check whether the user placing the shortcode is allowed to read the selected post. Because of this, users with a role as low as Contributor can use the shortcode to retrieve arbitrary content, including draft and private posts, that they are not supposed to access.
Proof of Concept
[include-page allowtype="post" allowstatus="draft" id="131"]
[include-page allowtype="post" allowstatus="private" id="132"]
[include-page allowtype="custom-post-type" allowstatus="any" id="{ID}"]
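The root cause described above is a shortcode handler that treats caller-supplied type and status attributes as the only filter and never asks whether the current user may read the resulting post. The following is an added illustration, not the plugin's own code: a hypothetical handler showing that vulnerable pattern beside a hardened version that delegates the decision to WordPress capability checks. The function names are assumed, and the attribute names (allowtype, allowstatus, id) are taken from the proof of concept.

```php
<?php
// Added illustration, not the plugin's own code. Hypothetical handlers for a
// shortcode like the one in the proof of concept.

// Vulnerable pattern: the attributes decide what is rendered, and nobody asks
// whether the current user is allowed to read that post.
function vuln_include_page_shortcode( $atts ) {
    $a = shortcode_atts( array(
        'id'          => 0,
        'allowtype'   => 'page',
        'allowstatus' => 'publish',
    ), $atts, 'include-page' );

    $post = get_post( (int) $a['id'] );
    if ( ! $post || $post->post_type !== $a['allowtype'] ) {
        return '';
    }
    if ( 'any' !== $a['allowstatus'] && $post->post_status !== $a['allowstatus'] ) {
        return '';
    }
    // Draft and private content is rendered for whoever placed the shortcode.
    return apply_filters( 'the_content', $post->post_content );
}

// Hardened pattern: type/status attributes are not an authorisation decision.
// Only published, publicly viewable content is included unconditionally; anything
// else requires the current user to hold the read_post meta capability for it.
function safe_include_page_shortcode( $atts ) {
    $a    = shortcode_atts( array( 'id' => 0 ), $atts, 'include-page' );
    $post = get_post( (int) $a['id'] );
    if ( ! $post ) {
        return '';
    }

    $is_public = ( 'publish' === $post->post_status )
        && is_post_type_viewable( $post->post_type );

    if ( ! $is_public && ! current_user_can( 'read_post', $post->ID ) ) {
        return '';
    }

    // Password-protected posts keep their own gate.
    if ( post_password_required( $post ) ) {
        return get_the_password_form( $post );
    }

    return apply_filters( 'the_content', $post->post_content );
}
add_shortcode( 'include-page', 'safe_include_page_shortcode' );
```

The hardened version checks the capability of the user rendering the page, which is the right subject here: a Contributor previewing their own draft is the current user at render time, so draft and private posts belonging to others are not included for them, while an Administrator or the post's author still sees what they are entitled to. On the public front end the viewer is typically anonymous, so only published, viewable content is ever included.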
Classification
Type
ACCESS CONTROLS
Miscellaneous
Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Verified
Yes
Timeline
Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)