Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access
CVE-2021-24881

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Passster
Vendor: CVE Published:; 23 January 2023

Summary

The Passster WordPress plugin prior to version 3.5.5.9 contains a security flaw where it fails to adequately verify the password and the visibility status of posts. This flaw allows unauthenticated individuals to access restricted content by exploiting the plugin's weaknesses, thus breaching the intended access controls and potentially exposing private posts. A crafted request can lead to unauthorized exposure of sensitive information.

Affected Version(s)

Passster 0 < 3.5.5.9

References

https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2023
Vulnerability Reserved
Jan 14, 2021

Credit

dc11

WPScan