CVE-2021-24635 - The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX

CVE-2021-24635

Summary

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL

References

https://wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9

Vulnerable Configurations

cpe:2.3:a:bootstrapped:visual_link_preview:1.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:1.3.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.0.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.0.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.0.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:bootstrapped:visual_link_preview:2.2.2:*:*:*:*:wordpress:*:*

CVSS

Base:	5.5 (as of 25-10-2022 - 19:01)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:N

Last major update

25-10-2022 - 19:01

Published

20-09-2021 - 10:15

Last modified

25-10-2022 - 19:01