Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24227

Severity: 7.5 HIGH
EPSS: 38.7% (top 2.75%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Apr 12; latest update May 24

Description

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | unknown/patreon_wordpress | 1.7.0 | 1.7.0

Vulnerability Details (3)

GHSA: GHSA-cc3j-r9g7-4r8c: The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1… (2022-05-24)
CVEList: Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure (2021-04-12)
VulnCheck: patreon patreon_wordpress Exposure of Sensitive Information to an Unauthorized Actor (2021)

Exploits & PoCs (1)

Nuclei: Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
Source: CVE-2021-24227 (HIGH CVSS 7.5) | cvebase.io