CVE-2021-24851

CVE-2021-24851: Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

Vendor Unknown

Product Insert Pages

Weakness CWE-863 · Incorrect authorization

Published November 17, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue.

Key dates

02Disclosure timeline

November 17, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24851

Related vulnerabilities

04Related CVE

CVE-2025-4128 Mattermost Guest User Information Disclosure Vulnerability CVE-2023-47142 IBM Tivoli Application Dependency Discovery Manager privilege escalation CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model CVE-2018-8927