Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access
CVE-2021-24881

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Passster
Vendor: CVE Published:; 23 January 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-24881?

The Passster WordPress plugin prior to version 3.5.5.9 contains a security flaw where it fails to adequately verify the password and the visibility status of posts. This flaw allows unauthenticated individuals to access restricted content by exploiting the plugin's weaknesses, thus breaching the intended access controls and potentially exposing private posts. A crafted request can lead to unauthorized exposure of sensitive information.

Affected Version(s)

Passster 0 < 3.5.5.9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-24881 - Proof of Concept

References

https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jan 23, 2023
👾
Exploit known to exist
Jan 23, 2023
Vulnerability published
Jan 23, 2023
Vulnerability Reserved
Jan 14, 2021

Credit

dc11

WPScan

Wordpress

Badges

What is CVE-2021-24881?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit