WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Gutenberg Template Library & Redux Framework < 4.2.13 - Unauthenticated Sensitive Information Disclosure

Description

Some AJAX actions of the plugin, available to unauthenticated users and used for support features could allow attackers to obtain potentially sensitive information such as the PHP version, active plugins along with their versions, as well as the unsalted MD5 hashes of the site’s AUTH_KEY and SECURE_AUTH_KEY.

Affects Plugins

redux-framework
Fixed in version 4.2.13

References

CVE
CVE-2021-38314
URL
https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

Yes

WPVDB ID
b6e6fa18-a292-49e1-a23b-d30606307455

Timeline

Publicly Published

2021-09-01 (about 1 years ago)

Added

2021-09-01 (about 1 years ago)

Last Updated

2022-04-08 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin