CVE-2021-24226
published 2021-04-12


Priority: P3 54 high · CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 5.40% (91.7th percentile)
In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php", which renders the [accessally_order_form] shortcode, dumps serialize($_SERVER) into the page output; that array contains all of the web server's environment variables. The leakage occurs on every public-facing page containing the [accessally_order_form] shortcode; no login or administrator role is required.

Affected (1 range)

| Vendor     | Product    | Version range | Fixed in |
|------------|------------|---------------|----------|
| accessally | accessally | < 3.5.7       | 3.5.7    |

Detection & IOCs (extracted from sources)

Indicator (other): <div id="accessally-testing-data"
  • Send an unauthenticated HTTP GET request to any public-facing page containing the [accessally_order_form] shortcode and look for the string '<div id="accessally-testing-data"' in the response body to confirm sensitive environment variable leakage.
  • No authentication or administrator role is required to trigger the vulnerability; any public-facing page with the shortcode is sufficient.
  • The leaked data is a PHP serialized dump of $_SERVER (all environment variables), so look for serialized PHP data structures in the HTTP response body alongside the accessally-testing-data div.
  • Vulnerability only affects AccessAlly WordPress plugin versions strictly before 3.5.7; version 3.5.7 and above are not affected.
  • The leakage is only present on pages where the site owner has placed the [accessally_order_form] shortcode; not all pages on an affected site will expose the data.
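For site operators triaging an exposed page, the following added example (not code from the plugin, the advisory, or this database) parses a saved response body: it checks for the marker div named above, then decodes the PHP serialize() blob so the operator can see exactly which $_SERVER keys were leaked. The response body is a constructed sample, not a real capture.

```python
# Constructed sample response body: a page rendering the [accessally_order_form]
# shortcode with the debug div described in the advisory (values are made up).
SAMPLE_BODY = (
    '<html><body><h1>Order</h1>'
    '<div id="accessally-testing-data">'
    'a:4:{s:11:"SERVER_NAME";s:11:"example.com";s:13:"DOCUMENT_ROOT";'
    's:13:"/var/www/html";s:12:"REQUEST_TIME";i:1618185600;'
    's:18:"REQUEST_TIME_FLOAT";d:1618185600.25;}'
    '</div></body></html>'
)

MARKER = '<div id="accessally-testing-data"'


def php_unserialize(data, pos=0):
    """Minimal parser for the PHP serialize() subset that $_SERVER produces:
    strings, ints, floats, bools, null and arrays. Returns (value, next_pos)."""
    t = data[pos]
    if t == 'N':                       # N;
        return None, pos + 2
    if t in 'ibd':                     # i:123; b:1; d:1.5;
        end = data.index(';', pos)
        raw = data[pos + 2:end]
        val = {'i': int, 'b': lambda v: v == '1', 'd': float}[t](raw)
        return val, end + 1
    if t == 's':                       # s:<len>:"<bytes>";  (length-prefixed)
        colon = data.index(':', pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2              # skip ':"'
        return data[start:start + length], start + length + 2  # skip '";'
    if t == 'a':                       # a:<count>:{<key><value>...}
        colon = data.index(':', pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                # skip ':{'
        out = {}
        for _ in range(count):
            key, pos = php_unserialize(data, pos)
            out[key], pos = php_unserialize(data, pos)
        return out, pos + 1            # skip '}'
    raise ValueError(f'unsupported PHP type {t!r} at offset {pos}')


def leaked_server_vars(body):
    """Return the leaked $_SERVER dict if the page carries the marker div,
    or None when this page does not expose the dump."""
    idx = body.find(MARKER)
    if idx == -1:
        return None
    blob_start = body.index('>', idx) + 1
    blob_end = body.index('</div>', blob_start)
    value, _ = php_unserialize(body[blob_start:blob_end])
    return value
```

Feed it the body of a page you are authorised to test; a non-None result lists the leaked keys, which is the evidence to attach when prioritising the upgrade to 3.5.7 or later.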

CVSS provenance

NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N