CVE-2021-24781

EUVD-2021-11693
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
imagesourcecontrolimage_source_control
𝑥
< 2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2606615/
https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0
https://plugins.trac.wordpress.org/changeset/2606615/
https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0