CVE-2021-24546

CVE-2021-24546: EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

Vendor: Unknown
Product: Gutenberg Block Editor Toolkit – EditorsKit
Weakness: CWE-94 · Code injection
Published: October 11, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code.

Key dates

02 Disclosure timeline

October 11, 2021: CVE published
August 3, 2024: Record updated
