Vulnerability Description
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Patreon | Patreon Wordpress | < 1.7.0 |
Related Weaknesses (CWE)
References
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-pluginExploitThird Party Advisory
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016Third Party Advisory
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-pluginExploitThird Party Advisory
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016Third Party Advisory
FAQ
What is CVE-2021-24227?
CVE-2021-24227 is a vulnerability with a CVSS score of 7.5 (HIGH). The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attac...
How severe is CVE-2021-24227?
CVE-2021-24227 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24227?
Check the references section above for vendor advisories and patch information. Affected products include: Patreon Patreon Wordpress.