Security Advisory

CVE-2021-24845

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-13 10:41:05

Last updated 2024-08-03 19:42:17

Assigner WPScan

State PUBLISHED

Description

The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.

← Browse all CVEs View on cve.org ↗