WordPress Plugin Vulnerabilities

WP Post Page Clone < 1.2 - Unauthorised Post Access

Description

The plugin allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.

Proof of Concept

Affects Plugins

Plugin icon
wp-post-page-clone
Fixed in 1.2

References

CVE
CVE-2021-24733

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
a7fa5896-5a1d-44c6-985c-e4abcc53da0e

Timeline

Publicly Published
2021-12-27 (about 4 years ago)
Added
2021-12-27 (about 4 years ago)
Last Updated
2022-04-09 (about 3 years ago)

Other

Published
Title
Published
2022-08-01
Title
Affiliate For WooCommerce < 4.8.0 - Subscriber+ Unauthorised Actions
Published
2021-08-02
Title
WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation
Published
2024-02-12
Title
Sunshine Photo Cart: Free Client Galleries for Photographers < 3.1 - Unauthenticated Sensitive Information Exposure via Invoice
Published
2023-12-14
Title
WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS
Published
2021-04-20
Title
Redirection for Contact Form 7 < 2.3.4 - Unprotected AJAX Actions