CVE-2021-24845

CVE-2021-24845: Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

Vendor Unknown

Product Improved Include Page

Weakness CWE-284

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24845 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2021-24845: Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access

01Description

02Disclosure timeline

03References

04Related CVE