Gutenberg Template Library & Redux Framework < 4.2.13 – Contributor+ Arbitrary Plugin Installation and Post Deletion | CVE 2021-38312 | Plugin Vulnerabilities

Description

The plugin did not correctly check the authorisation in the redux/v1/templates/ REST API namespace, allowing any users with the edit_posts capability (ie contributor and above) to call the endpoints define in it. By using the redux/v1/templates/plugin-install one, they could install plugins from the WordPres repository, or delete arbitrary posts/pages via redux/v1/templates/delete_saved_block

Affects Plugins

redux-framework

Fixed in 4.2.13

References

CVE

URL

https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

Yes

WPVDB ID

e690b887-de5f-4950-bedf-4a9f5fe9b773

Timeline

Publicly Published

2021-09-01 (about 4 years ago)

Added

2021-09-01 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2021-10-18

Title

QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update

Published

2021-08-31

Title

WooCommerce Dynamic Pricing & Discounts < 2.4.2 - Unauthenticated Settings Export

Published

2024-01-16

Title

User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update

Published

2024-02-27

Title

LifterLMS – WordPress LMS Plugin for eLearning < 7.5.2 - Missing Authorization via process_review

Published

2021-03-23

Title

SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban