CVE-2021-24227
Published 2021-04-12
Priority: P276 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploited in the wild (ITW exploit · VulnCheck KEV)
EPSS: 5.88% (92.3rd percentile)
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| patreon | patreon_wordpress | < 1.7.0 | 1.7.0 |
Detection & IOCs (extracted from sources)
PoC URL (from source): url/?patron_only_image=../../../../../../../../../../etc/passwd&patreon_action=serve_patron_only_image
- Detect exploitation attempts by monitoring GET requests whose query string contains both a 'patron_only_image' parameter with path traversal sequences and 'patreon_action=serve_patron_only_image'.
- A successful exploitation response returns HTTP 200 and contains a string matching 'root:[x*]:0:0' (Unix /etc/passwd content), indicating local file disclosure.
- The vulnerability is unauthenticated: no session or credentials are required. Any visitor to the site can trigger it via a crafted GET request.
- The vulnerable parameter is 'patron_only_image', passed via GET to the 'serve_patron_only_image' action. The traversal depth used in the PoC is 10 levels (../../../../../../../../../../), targeting /etc/passwd, but arbitrary files (e.g., wp-config.php) can be targeted.
- Affected versions are Patreon WordPress plugin strictly before 1.7.0. Version 1.7.0 and later are not vulnerable.
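The detection notes above describe a two-part request pattern plus a response-content indicator. The following script is an added example written for this page (it is not code from Jetpack, VulnCheck, Nuclei or any other source listed here): it applies exactly those criteria to Apache/nginx combined-format access log lines and, where a proxy or WAF can see the response body, confirms disclosure by the 'root:[x*]:0:0' marker. The log format, the function names and the sample log lines (documentation IP ranges) are assumptions and constructed data, not observed traffic.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Traversal sequences to look for inside the parameter value. parse_qs already
# percent-decodes once; we decode a second time to also catch double-encoded forms.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|%2e%2e[/\\]|%2e%2e%2f)", re.IGNORECASE)

# Content indicator from the detection notes: a disclosed /etc/passwd contains
# a line such as root:x:0:0 (or root:*:0:0) and the response status is 200.
PASSWD_LEAK = re.compile(r"root:[x*]:0:0")

# Apache/nginx "combined"-style access log line (assumed format for this example).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def is_cve_2021_24227_attempt(request_target: str) -> bool:
    """True when the request matches the two-part pattern from the detection notes:
    patreon_action=serve_patron_only_image together with a patron_only_image
    value that contains a path traversal sequence."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if "serve_patron_only_image" not in params.get("patreon_action", []):
        return False
    for value in params.get("patron_only_image", []):
        if TRAVERSAL.search(value) or TRAVERSAL.search(unquote(value)):
            return True
    return False


def response_indicates_disclosure(status: int, body: str) -> bool:
    """Confirmation check for proxies/WAFs that can inspect the response body."""
    return status == 200 and PASSWD_LEAK.search(body) is not None


def scan_access_log(lines):
    """Return one finding per matching GET request. Access logs carry no body,
    so the outcome is graded by status code only: 200 means the file was
    most likely served, anything else is recorded as an attempt."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None or m["method"] != "GET":
            continue
        if not is_cve_2021_24227_attempt(m["path"]):
            continue
        status = int(m["status"])
        requested = parse_qs(urlsplit(m["path"]).query)["patron_only_image"][0]
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": status,
            "outcome": "likely_disclosure" if status == 200 else "attempt",
            "target": unquote(requested),
        })
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2023:10:15:01 +0000] "GET /?patron_only_image=../../../../../../../../../../etc/passwd&patreon_action=serve_patron_only_image HTTP/1.1" 200 1843',
    '203.0.113.7 - - [24/Dec/2023:10:15:02 +0000] "GET /?patron_only_image=..%2F..%2F..%2Fwp-config.php&patreon_action=serve_patron_only_image HTTP/1.1" 200 3120',
    '198.51.100.4 - - [24/Dec/2023:10:16:00 +0000] "GET /?patron_only_image=2021/03/photo.jpg&patreon_action=serve_patron_only_image HTTP/1.1" 200 51234',
    '198.51.100.9 - - [24/Dec/2023:10:17:00 +0000] "GET /?patron_only_image=../../etc/passwd HTTP/1.1" 404 210',
    '192.0.2.1 - - [24/Dec/2023:10:18:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4012',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['outcome']} status={f['status']} target={f['target']}")
```

Run against the constructed sample, the scanner reports the two requests from 203.0.113.7 (both graded likely_disclosure because the server answered 200) and ignores the legitimate image request, the traversal attempt that lacks the patreon_action parameter, and the unrelated login request. The fourth line is deliberately left out because the source notes require both parameters; if you prefer to alert on any traversal in patron_only_image regardless of action, drop the first check in is_cve_2021_24227_attempt. The response_indicates_disclosure helper is for deployments where the response body is available and turns an attempt into a confirmed finding.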
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 7.5 | HIGH | |
GHSA
GHSA-cc3j-r9g7-4r8c (ghsa_unreviewed · 2022-05-24) · CVE-2021-24227 [HIGH] · CWE-200
Description: identical to the CVE description above.
VulnCheck
patreon patreon_wordpress: Exposure of Sensitive Information to an Unauthorized Actor (vulncheck · 2021 · CVSS 7.5 · CVE-2021-24227 [HIGH])
Description: identical to the CVE description above.
Affected: patreon patreon_wordpress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-24&host_type=src&vulnerability=cve-2021-242
No detection rules found.
Nuclei
Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion (nuclei · CVSS 7.5 · CVE-2021-24227 [HIGH])
Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
Template (info block as shown on the page; the description is completed from the full text above):
```yaml
id: CVE-2021-24227

info:
  name: Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
  author: theamanrawat
  severity: high
  description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
```
References:
- https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/
- https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016