5 matches found
CVE-2021-24845
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with posttype & poststatus which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to...
CVE-2021-24845
The CVE refers to the WordPress plugin Improved Include Page, version
CVE-2021-24845 Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with posttype & poststatus which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to...
WordPress plugin Improved Include Page 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
The plugin allows passing shortcode attributes with posttype & poststatus which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. PoC include-page allowtype="post" allowstatus="draft" id="131"...