CVE-2021-24717

EUVD-2021-11629
The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
automatorwpautomatorwp
𝑥
< 1.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f
https://wpscan.com/vulnerability/5916ea42-eb33-463d-8528-2a142805c91f