CVE-2021-24819

CVE-2021-24819: Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

Vendor Unknown

Product Page/Post Content Shortcode

Weakness CWE-863 · Incorrect authorization

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24819

Related vulnerabilities

CVE-2021-24819: Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

01Description

02Disclosure timeline

03References

04Related CVE