CVE-2021-24781

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
imagesourcecontrolimage_source_control
𝑥
< 2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2606615/
https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0
https://plugins.trac.wordpress.org/changeset/2606615/
https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0