WordPress Plugin Vulnerabilities

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

Description

The plugin allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

Proof of Concept

Affects Plugins

Plugin icon
improved-include-page
No known fix

References

CVE
CVE-2021-24845

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified
Yes
WPVDB ID
ab857454-7c7c-454d-9c7f-1db767961e5f

Timeline

Publicly Published
2021-11-15 (about 4 years ago)
Added
2021-11-15 (about 4 years ago)
Last Updated
2022-04-11 (about 3 years ago)

Other

Published
Title
Published
2024-03-04
Title
Password Protected Store for WooCommerce < 2.3 - Unauthenticated Arbitrary Post Tile & Content Access
Published
2021-11-01
Title
Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
Published
2025-02-18
Title
Education Addon for Elementor <= 1.3.1 - Authenticated (Contributor+) Insecure Direct Object Reference via naedu_elementor_template Shortcode
Published
2021-05-31
Title
The Plus Addons for Elementor Page Builder < 4.1.11 - Arbitrary Reset Pwd Email Sending
Published
2022-11-18
Title
WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation