CVE-2021-38312 - OpenCVE

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redux	Gutenberg Template Library \& Redux Framework

Configuration 1 [-]

cpe:2.3:a:redux:gutenberg_template_library_\&_redux_framework:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-09-02T16:53:39.328243Z

Updated: 2024-09-16T17:04:13.063Z

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-38312

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-02T17:15:09.713

Modified: 2022-10-27T12:50:00.880

Link: CVE-2021-38312

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Gutenberg Template Library & Redux Framework", "vendor": "Redux.io", "versions": [{"lessThanOrEqual": "4.2.11", "status": "affected", "version": "4.2.11", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ramuel Gall, Wordfence"}], "datePublic": "2021-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the \u201credux/v1/templates/\u201d REST Route in \u201credux-templates/classes/class-api.php\u201d. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-02T16:53:39", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/"}], "source": {"discovery": "INTERNAL"}, "title": "Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@wordfence.com", "DATE_PUBLIC": "2021-09-01T00:00:00.000Z", "ID": "CVE-2021-38312", "STATE": "PUBLIC", "TITLE": "Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Gutenberg Template Library & Redux Framework", "version": {"version_data": [{"version_affected": "<=", "version_name": "4.2.11", "version_value": "4.2.11"}]}}]}, "vendor_name": "Redux.io"}]}}, "credit": [{"lang": "eng", "value": "Ramuel Gall, Wordfence"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the \u201credux/v1/templates/\u201d REST Route in \u201credux-templates/classes/class-api.php\u201d. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}, {"description": [{"lang": "eng", "value": "CWE-280 Improper Handling of Insufficient Permissions or Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.465Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/"}]}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2021-38312", "datePublished": "2021-09-02T16:53:39.328243Z", "dateReserved": "2021-08-09T00:00:00", "dateUpdated": "2024-09-16T17:04:13.063Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redux:gutenberg_template_library_\\&_redux_framework:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8A4CBC31-7B53-462B-B51E-385476AF1E0E", "versionEndIncluding": "4.2.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the \u201credux/v1/templates/\u201d REST Route in \u201credux-templates/classes/class-api.php\u201d. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts."}, {"lang": "es", "value": "El plugin Gutenberg Template Library & Redux Framework versiones anteriores a 4.2.11 incluy\u00e9ndola para WordPress, usaba una comprobaci\u00f3n de autorizaci\u00f3n incorrecta en los endpoints de la API REST registrados bajo la ruta REST \"redux/v1/templates/\" en el archivo \"redux-templates/classes/class-api.php\". El \"permissions_callback usado en este archivo s\u00f3lo comprobaba la capacidad \"edit_posts\" que se concede a usuarios con menos privilegios, como los colaboradores, permitiendo a estos usuarios instalar plugins arbitrarios desde el repositorio de WordPress y editar entradas arbitrarias"}], "id": "CVE-2021-38312", "lastModified": "2022-10-27T12:50:00.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2021-09-02T17:15:09.713", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-280"}, {"lang": "en", "value": "CWE-863"}], "source": "security@wordfence.com", "type": "Secondary"}]}