{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-24881", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2021-01-14T15:03:46.808Z", "datePublished": "2023-01-23T14:31:29.900Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-23T14:31:29.900Z"}, "title": "Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access", "problemTypes": [{"descriptions": [{"description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Passster", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "3.5.5.9"}], "defaultStatus": "unaffected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request."}], "references": [{"url": "https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-a7ec97240071", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "dc11", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:passster_project:passter:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C8291B1F-F495-482A-9F4B-2BD044641893", "versionEndExcluding": "3.5.5.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request."}, {"lang": "es", "value": "El complemento Passster de WordPress anterior a 3.5.5.9 no verifica correctamente la contrase\u00f1a, ni tampoco que la publicaci\u00f3n que se va a ver sea p\u00fablica, lo que permite a los usuarios no autenticados omitir la protecci\u00f3n ofrecida por el complemento y acceder a publicaciones arbitrarias (como contenido privado), enviando una solicitud espec\u00edficamente manipulada."}], "id": "CVE-2021-24881", "lastModified": "2023-11-07T03:31:21.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-23T15:15:13.147", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-a7ec97240071"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}