CVE-2021-24780 - OpenCVE

The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Single Post Exporter Project	Single Post Exporter

Configuration 1 [-]

cpe:2.3:a:single_post_exporter_project:single_post_exporter:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-12-13T10:40:50

Updated: 2024-08-03T19:42:17.177Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24780

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-13T11:15:08.440

Modified: 2021-12-15T21:35:37.073

Link: CVE-2021-24780

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Single Post Exporter", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.1.1", "status": "affected", "version": "1.1.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Francesco Carlucci"}], "descriptions": [{"lang": "en", "value": "The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-13T10:40:50", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}], "source": {"discovery": "EXTERNAL"}, "title": "Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24780", "STATE": "PUBLIC", "TITLE": "Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Single Post Exporter", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.1.1", "version_value": "1.1.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Francesco Carlucci"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:42:17.177Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24780", "datePublished": "2021-12-13T10:40:50", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:42:17.177Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:single_post_exporter_project:single_post_exporter:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "350AE609-2A63-4C28-9763-BF3E3A74A0CB", "versionEndIncluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able to export an arbitrary post/page (such as private and password protected) via a direct URL"}, {"lang": "es", "value": "El plugin Single Post Exporter de WordPress versiones hasta 1.1.1, no presenta comprobaciones de tipo CSRF al guardar sus configuraciones, lo que podr\u00eda permitir a atacantes hacer que un administrador con sesi\u00f3n iniciada las cambie por medio de un ataque CSRF y dar acceso a la funci\u00f3n de exportaci\u00f3n a cualquier rol como el de suscriptor. Los usuarios suscriptores podr\u00edan entonces exportar una publicaci\u00f3n/p\u00e1gina arbitraria (como privada y protegida por contrase\u00f1a) por medio de una URL directa"}], "id": "CVE-2021-24780", "lastModified": "2021-12-15T21:35:37.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-13T11:15:08.440", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8764e550-4127-471e-84e6-494d6106a3b0"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Secondary"}]}