WordPress Plugin Vulnerabilities

WP Post Page Clone < 1.2 - Unauthorised Post Access

Description

The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.

Proof of Concept

Go to All Posts, find the post to clone, click "Click to Clone" then edit the cloned post to see its content

Affects Plugins

wp-post-page-clone

Fixed in version 1.2

References

CVE

CVE-2021-24733

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

a7fa5896-5a1d-44c6-985c-e4abcc53da0e

Timeline

Publicly Published

2021-12-27 (about 1 years ago)

Added

2021-12-27 (about 1 years ago)

Last Updated

2022-04-09 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin