CVE-2021-24881

Published: Jan 23, 2023Modified: Apr 2, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.

Affected (1)

Products: Passster Project: Passter

Passster Project

1 product

Passter

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Passster Project Passter	Before 3.5.5.9

References (2)

https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-a7ec97240071

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-a7ec97240071

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.