WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Gutenberg Template Library & Redux Framework < 4.2.13 - Contributor+ Arbitrary Plugin Installation and Post Deletion

Description

The plugin did not correctly check the authorisation in the redux/v1/templates/ REST API namespace, allowing any users with the edit_posts capability (ie contributor and above) to call the endpoints define in it. By using the redux/v1/templates/plugin-install one, they could install plugins from the WordPres repository, or delete arbitrary posts/pages via redux/v1/templates/delete_saved_block

Affects Plugins

redux-framework
Fixed in version 4.2.13

References

CVE
CVE-2021-38312
URL
https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

Yes

WPVDB ID
e690b887-de5f-4950-bedf-4a9f5fe9b773

Timeline

Publicly Published

2021-09-01 (about 1 years ago)

Added

2021-09-01 (about 1 years ago)

Last Updated

2022-04-08 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin