CVE-2021-24230 - OpenCVE

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Patreon	Patreon Wordpress

Configuration 1 [-]

cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-12T14:06:16

Updated: 2024-08-03T19:21:18.743Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24230

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-12T14:15:16.163

Modified: 2021-05-04T15:01:51.573

Link: CVE-2021-24230

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Patreon WordPress", "vendor": "Unknown", "versions": [{"lessThan": "1.7.0", "status": "affected", "version": "1.7.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"}], "descriptions": [{"lang": "en", "value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim\u2019s account once visited. If exploited, this bug can be used to overwrite the \u201cwp_capabilities\u201d meta, which contains the affected user account\u2019s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-12T14:06:16", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"}], "source": {"discovery": "UNKNOWN"}, "title": "Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24230", "STATE": "PUBLIC", "TITLE": "Patreon WordPress < 1.7.0 - CSRF to Overwrite/Create User Meta"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Patreon WordPress", "version": {"version_data": [{"version_affected": "<", "version_name": "1.7.0", "version_value": "1.7.0"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim\u2019s account once visited. If exploited, this bug can be used to overwrite the \u201cwp_capabilities\u201d meta, which contains the affected user account\u2019s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/", "refsource": "MISC", "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"}, {"name": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:21:18.743Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24230", "datePublished": "2021-04-12T14:06:16", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:21:18.743Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "81276AAA-507E-4A2E-91C2-FA7A017066D9", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim\u2019s account once visited. If exploited, this bug can be used to overwrite the \u201cwp_capabilities\u201d meta, which contains the affected user account\u2019s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content."}, {"lang": "es", "value": "El equipo de Jetpack Scan identific\u00f3 una vulnerabilidad de tipo Cross-Site Request Forgery en el plugin Patreon de WordPress versiones anteriores a 1.7.0, permitiendo a un atacante hacer que un usuario registrado sobrescriba o cree metadatos de usuario arbitrarios en la cuenta de la v\u00edctima una vez visitada. Si se explota, este error se puede utilizar para sobrescribir la meta \"wp_capabilities\", que contiene los roles y privilegios de la cuenta de usuario afectada. Hacer esto esencialmente los bloquear\u00eda fuera del sitio, impidi\u00e9ndoles acceder a contenido pago"}], "id": "CVE-2021-24230", "lastModified": "2021-05-04T15:01:51.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-12T14:15:16.163", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/2deefa2d-3043-42e5-afef-a42c37703531"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Secondary"}]}