PRIOn knowledge base: PRION:CVE-2021-24226
History: Apr 12, 2021 - 2:15 p.m.

Design/Logic Flaw

2021-04-12 14:15:00
PRIOn knowledge base
www.prio-n.com
1

EPSS: 0.026 (Low), Percentile: 90.4%

In the AccessAlly WordPress plugin before 3.5.7, the file “resource/frontend/product/product-shortcode.php”, which is responsible for the [accessally_order_form] shortcode, dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public-facing pages containing the [accessally_order_form] shortcode; no login or administrator role is required.

CPE
Name: accessally, Operator: lt, Version: 3.5.7
