Lucene search
WordfenceCVELIST:CVE-2021-38312HistorySep 01, 2021 - 12:00 a.m.
CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion
2021-09-0100:00:00
CWE-863
CWE-280
Wordfence
raw.githubusercontent.com
3
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked for the edit_posts capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.
Related
osv
osv
CVE-2021-38312
2021-09-02 17:15:00
cnvd
cnvd
WordPress Gutenberg Template Library
2021-09-04 00:00:00
wpvulndb
wpvulndb
cve
cve
CVE-2021-38312
2021-09-02 17:15:00
prion
prion
Authorization
2021-09-02 17:15:00
threatpost
threatpost
Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
2021-09-01 17:58:38
wordfence
wordfence
openvas
openvas
patchstack
patchstack
wpexploit
wpexploit
WP Mail Logging < 1.10.0 - Outdated Redux Framework
2021-11-29 00:00:00