WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Logo Carousel < 3.4.2 - Unauthorised Private Post Access

Description

The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature

Proof of Concept

1) Go to Logo Carousel -> Shortcode Generator.
2) If there is no carousel, create one.
3) Copy URL of the "Duplicate" link under the carousel item.
4) Replace "post" parameter with the post ID of a private post.
5) Visit the link.
6) The private post is duplicated. The post can be viewed at Posts -> All Posts.

e.g: https://example.com/wp-admin/admin.php?action=sp_lc_shortcode_duplicate&post=1764&sp_lc_duplicate_nonce=1c00367003

Affects Plugins

logo-carousel-free
Fixed in version 3.4.2

References

CVE
CVE-2021-24739

Classification

Type

IDOR

OWASP top 10
A5: Broken Access Control
CWE
CWE-639

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID
2afadc76-93ad-47e1-a224-e442ac41cbce

Timeline

Publicly Published

2021-11-22 (about 1 years ago)

Added

2021-11-22 (about 1 years ago)

Last Updated

2022-04-11 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin