CVE-2021-24226
published 2021-04-12CVE-2021-24226: In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form]…
PriorityP354high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
5.40%
91.7th percentile
In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| accessally | accessally | < 3.5.7 | 3.5.7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Send an unauthenticated HTTP GET request to any public-facing page containing the [accessally_order_form] shortcode and look for the string '<div id="accessally-testing-data"' in the response body to confirm sensitive environment variable leakage. ↗
- →No authentication or administrator role is required to trigger the vulnerability; any public-facing page with the shortcode is sufficient. ↗
- →The leaked data is a PHP serialized dump of $_SERVER (all environment variables), so look for serialized PHP data structures in the HTTP response body alongside the accessally-testing-data div. ↗
- ·Vulnerability only affects AccessAlly WordPress plugin versions strictly before 3.5.7; version 3.5.7 and above are not affected. ↗
- ·The leakage is only present on pages where the site owner has placed the [accessally_order_form] shortcode; not all pages on an affected site will expose the data. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
AccessAlly <3.5.7 - Sensitive Information Leakage
nuclei·CVSS 7.5
CVE-2021-24226 [HIGH] AccessAlly <3.5.7 - Sensitive Information Leakage
AccessAlly <3.5.7 - Sensitive Information Leakage
WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.
Template:
id: CVE-2021-24226
info:
name: AccessAlly <3.5.7 - Sensitive Information Leakage
author: dhiyaneshDK
severity: high
description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [acce
No writeups or analysis indexed.
2021-04-12
Published