CVE-2021-24635 — MEDIUM (5.4)

Q: How severe is CVE-2021-24635?

CVE-2021-24635 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24635?

Check the references section above for vendor advisories and patch information. Affected products include: Bootstrapped Visual Link Preview.

Vulnerability Description

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Bootstrapped	Visual Link Preview	< 2.2.3

Related Weaknesses (CWE)

CWE-284 CWE-862

References

https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9ExploitThird Party Advisory
https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9ExploitThird Party Advisory

FAQ

What is CVE-2021-24635?

CVE-2021-24635 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated us...

How severe is CVE-2021-24635?

CVE-2021-24635 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24635?

Check the references section above for vendor advisories and patch information. Affected products include: Bootstrapped Visual Link Preview.