Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2021-24781

🗓️ 01 Nov 2021 08:46:21Reported by WPScanType 
cve
 cve🔗 web.nvd.nist.gov👁 38 Views🌐 WEB

The WordPress plugin before 2.3.1 allows unauthorized user to change post meta field

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
CNNVD		WordPress 访问控制错误漏洞
1 Nov 202100:00
cnnvd
CNVD		WordPress Image Source Control Plugin Access Control Error Vulnerability
4 Nov 202100:00
cnvd
Cvelist		CVE-2021-24781 Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
1 Nov 202108:46
cvelist
EUVD		EUVD-2021-11693
7 Oct 202500:30
euvd
NVD		CVE-2021-24781
1 Nov 202109:15
nvd
OSV		CVE-2021-24781
1 Nov 202109:15
osv
Patchstack		WordPress Image Source Control plugin <= 2.3.0 - Arbitrary Post Meta Value Change vulnerability
4 Oct 202100:00
patchstack
Prion		Design/Logic Flaw
1 Nov 202109:15
prion
RedhatCVE		CVE-2021-24781
22 May 202521:05
redhatcve
wpexploit		Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
4 Oct 202100:00
wpexploit
Rows per page
NVD
Vulners
Node
imagesourcecontrolimage_source_controlRange<2.3.1wordpress
[
  {
    "product": "Image Source Control",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.3.1",
        "status": "affected",
        "version": "2.3.1",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
actionrequest body/wp-admin/admin-ajax.phpExploitable AJAX endpoint allows low-privilege users to modify arbitrary post meta via isc_save_meta.CWE-284
noncerequest body/wp-admin/admin-ajax.phpExploitable AJAX endpoint allows low-privilege users to modify arbitrary post meta via isc_save_meta.CWE-284
idrequest body/wp-admin/admin-ajax.phpExploitable AJAX endpoint allows low-privilege users to modify arbitrary post meta via isc_save_meta.CWE-284
keyrequest body/wp-admin/admin-ajax.phpExploitable AJAX endpoint allows low-privilege users to modify arbitrary post meta via isc_save_meta.CWE-284
valuerequest body/wp-admin/admin-ajax.phpExploitable AJAX endpoint allows low-privilege users to modify arbitrary post meta via isc_save_meta.CWE-284

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:53Current
4.6Medium risk
Vulners AI Score4.6
CVSS 24
CVSS 3.14.3
EPSS0.0014
CWE-284
cve-2021-24781image source controlwordpress pluginsecurity vulnerabilityunauthorized access
38