CVE-2021-24780 - Vulnerability Details

Vendors	Products
Single Post Exporter Project	Single Post Exporter

Link	Providers
https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Single Post Exporter", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.1.1", "status": "affected", "version": "1.1.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Francesco Carlucci"}], "descriptions": [{"lang": "en", "value": "The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-13T10:40:50", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}], "source": {"discovery": "EXTERNAL"}, "title": "Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24780", "STATE": "PUBLIC", "TITLE": "Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Single Post Exporter", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.1.1", "version_value": "1.1.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Francesco Carlucci"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:42:17.177Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24780", "datePublished": "2021-12-13T10:40:50", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:42:17.177Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Single Post Exporter (string)

vendor : Unknown (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.1.1 (string)

status : affected (string)

version : 1.1.1 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Francesco Carlucci (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-352 (string)

description : CWE-352 Cross-Site Request Forgery (CSRF) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-13T10:40:50 (string)

orgId : 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81 (string)

shortName : WPScan (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0 (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

title : Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF (string)

x_generator : WPScan CVE Generator (string)

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : contact@wpscan.com (string)

ID : CVE-2021-24780 (string)

STATE : PUBLIC (string)

TITLE : Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Single Post Exporter (string)

version : { »

version_data : [ »

0 : { »

version_affected : <= (string)

version_name : 1.1.1 (string)

version_value : 1.1.1 (string)

}

]

}

]

}

vendor_name : Unknown (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : Francesco Carlucci (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL (string)

}

]

}

generator : WPScan CVE Generator (string)

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-352 Cross-Site Request Forgery (CSRF) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0 (string)

refsource : MISC (string)

url : https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0 (string)

}

]

}

source : { »

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T19:42:17.177Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81 (string)

assignerShortName : WPScan (string)

cveId : CVE-2021-24780 (string)

datePublished : 2021-12-13T10:40:50 (string)

dateReserved : 2021-01-14T00:00:00 (string)

dateUpdated : 2024-08-03T19:42:17.177Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:single_post_exporter_project:single_post_exporter:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "350AE609-2A63-4C28-9763-BF3E3A74A0CB", "versionEndIncluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL"}, {"lang": "es", "value": "El plugin Single Post Exporter de WordPress versiones hasta 1.1.1, no presenta comprobaciones de tipo CSRF al guardar sus configuraciones, lo que podr\u00eda permitir a atacantes hacer que un administrador con sesi\u00f3n iniciada las cambie por medio de un ataque CSRF y dar acceso a la funci\u00f3n de exportaci\u00f3n a cualquier rol como el de suscriptor. Los usuarios suscriptores podr\u00edan entonces exportar una publicaci\u00f3n/p\u00e1gina arbitraria (como privada y protegida por contrase\u00f1a) por medio de una URL directa"}], "id": "CVE-2021-24780", "lastModified": "2024-11-21T05:53:44.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-13T11:15:08.440", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:single_post_exporter_project:single_post_exporter:*:*:*:*:*:wordpress:*:* (string)

matchCriteriaId : 350AE609-2A63-4C28-9763-BF3E3A74A0CB (string)

versionEndIncluding : 1.1.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL (string)

}

1 : { »

lang : es (string)

value : El plugin Single Post Exporter de WordPress versiones hasta 1.1.1, no presenta comprobaciones de tipo CSRF al guardar sus configuraciones, lo que podría permitir a atacantes hacer que un administrador con sesión iniciada las cambie por medio de un ataque CSRF y dar acceso a la función de exportación a cualquier rol como el de suscriptor. Los usuarios suscriptores podrían entonces exportar una publicación/página arbitraria (como privada y protegida por contraseña) por medio de una URL directa (string)

}

]

id : CVE-2021-24780 (string)

lastModified : 2024-11-21T05:53:44.953 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-12-13T11:15:08.440 (string)

references : [ »

0 : { »

source : contact@wpscan.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0 (string)

}

]

sourceIdentifier : contact@wpscan.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : contact@wpscan.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object