CVE Vulnerabilities

CVE-2021-24845

Published: Dec 13, 2021 | Modified: Jul 29, 2022

CVSS 3.x

6.5

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.x

4 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-24845
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

Affected Software

Name	Vendor	Start Version	End Version
Improved_include_page	Improved_include_page_project	*	1.2 (including)

References

https://wpscan.com/vulnerability/ab857454-7c7c-454d-9c7f-1db767961e5f

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.