Lucene search

K
wpvulndbFrancesco CarlucciWPVDB-ID:C97B218C-B430-4301-884F-F64D0DD08F07
HistoryNov 15, 2021 - 12:00 a.m.

Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

2021-11-1500:00:00
Francesco Carlucci
wpscan.com
8

0.001 Low

EPSS

Percentile

24.8%

The plugin does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.

PoC

As a contributor, add the following shortcode in a page, replacing ID with the ID of a draft/private/password protected/trashed post/page to access, then preview the post to display the content [post-content-sc id=“ID”] [page-content-sc id=“ID”]

CPENameOperatorVersion
pagepost-content-shortcodeeq*

0.001 Low

EPSS

Percentile

24.8%

Related for WPVDB-ID:C97B218C-B430-4301-884F-F64D0DD08F07