Vulnerabilities > CVE-2021-24845 - Unspecified vulnerability in Improved Include Page Project Improved Include Page 1.2

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

improved-include-page-project

NVD

Published: 2021-12-13

Updated: 2022-07-29

Summary

The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

Vulnerable Configurations

Part	Description	Count
Application	Improved_Include_Page_Project Improved Include Page Project Improved Include Page - Improved Include Page Project Improved Include Page 1.2	2

References

https://wpscan.com/vulnerability/ab857454-7c7c-454d-9c7f-1db767961e5f