CVE-2021-24635 - OpenCVE

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bootstrapped	Visual Link Preview

Configuration 1 [-]

cpe:2.3:a:bootstrapped:visual_link_preview:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-20T10:06:38

Updated: 2024-08-03T19:35:20.300Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24635

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-20T10:15:09.217

Modified: 2022-10-25T19:01:19.947

Link: CVE-2021-24635

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Visual Link Preview", "vendor": "Unknown", "versions": [{"lessThan": "2.2.3", "status": "affected", "version": "2.2.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "apple502j"}], "descriptions": [{"lang": "en", "value": "The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-20T10:06:38", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9"}], "source": {"discovery": "UNKNOWN"}, "title": "Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24635", "STATE": "PUBLIC", "TITLE": "Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Visual Link Preview", "version": {"version_data": [{"version_affected": "<", "version_name": "2.2.3", "version_value": "2.2.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "apple502j"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.300Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24635", "datePublished": "2021-09-20T10:06:38", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.300Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bootstrapped:visual_link_preview:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FADC95C8-D0FB-4665-BF95-DB21480F1716", "versionEndExcluding": "2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL"}, {"lang": "es", "value": "El plugin Visual Link Preview de WordPress versiones anteriores a 2.2.3, no impone una autorizaci\u00f3n en varias acciones AJAX y presenta el CSRF nonce mostrado para todos los usuarios autenticados, permitiendo a cualquier usuario autenticado (como el suscriptor) llamarlos y 1) Conseguir y buscar mediante el t\u00edtulo y el contenido del Borrador de la entrada, 2) conseguir el t\u00edtulo de una entrada protegida por contrase\u00f1a, as\u00ed como 3) Cargar una imagen desde una URL"}], "id": "CVE-2021-24635", "lastModified": "2022-10-25T19:01:19.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-20T10:15:09.217", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "contact@wpscan.com", "type": "Secondary"}]}