Gutenberg Template Library & Redux Framework < 4.2.13 – Contributor+ Arbitrary Plugin Installation and Post Deletion | CVE 2021-38312 | Plugin Vulnerabilities

Description

The plugin did not correctly check the authorisation in the redux/v1/templates/ REST API namespace, allowing any users with the edit_posts capability (ie contributor and above) to call the endpoints define in it. By using the redux/v1/templates/plugin-install one, they could install plugins from the WordPres repository, or delete arbitrary posts/pages via redux/v1/templates/delete_saved_block

Affects Plugins

redux-framework

Fixed in 4.2.13

References

CVE

URL

https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Ram Gall (Wordfence)

Verified

Yes

WPVDB ID

e690b887-de5f-4950-bedf-4a9f5fe9b773

Timeline

Publicly Published

2021-09-01 (about 4 years ago)

Added

2021-09-01 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2020-07-07

Title

Adning Advertising < 1.5.6 - Unauthenticated Arbitrary File Upload/Deletion

Published

2021-09-20

Title

WP Import Export Lite < 3.9.5 - Subscriber+ Arbitrary Blog Options Update

Published

2024-05-21

Title

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_upload_callback

Published

2024-05-21

Title

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_list_callback

Published

2025-02-24

Title

Enfold < 7.0 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php