Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
CVE-2021-24227

7.5HIGH

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
12 April 2021

Summary

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.

Affected Version(s)

Patreon WordPress 1.7.0

References

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.