Page/Post Content Shortcode <= 1.0 – Contributor+ Arbitrary Posts/Pages Access | CVE 2021-24819 | Plugin Vulnerabilities

Description

The plugin does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.

Proof of Concept

As a contributor, add the following shortcode in a page, replacing ID with the ID of a draft/private/password protected/trashed post/page to access, then preview the post to display the content

[post-content-sc id="ID"]
[page-content-sc id="ID"]

Affects Plugins

pagepost-content-shortcode

No known fix

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website

https://carluc.ci

Submitter twitter

Verified

Yes

WPVDB ID

c97b218c-b430-4301-884f-f64d0dd08f07

Timeline

Publicly Published

2021-11-15 (about 2 years ago)

Added

2021-11-15 (about 2 years ago)

Last Updated

2022-04-11 (about 2 years ago)

Other

Published

Title

Published

2024-01-16

Title

User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Published

2023-10-16

Title

Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply

Published

2022-01-03

Title

TrustMate.io integration for WooCommerce < 1.8.12 - Subscriber+ Arbitrary Plugin's Settings Update

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated Arbitrary Account Change

Published

2021-07-07

Title

WP Upload Restriction < 2.2.5 - Missing Access Control in deleteCustomType