CVE-2021-24739

Published: Dec 21, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature

Affected (1)

Products: Shapedplugin: Logo Carousel

Shapedplugin

1 product

Logo Carousel

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shapedplugin Logo Carousel	Before 3.4.2

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.