CVE-2021-24881

CWE-287 — Improper Authentication4 documents4 sources

Severity

7.5HIGH

EPSS

1.1%

top 21.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Passster Passster Project Passter

Timeline

PublishedJan 23

Description

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5unknown/passster< 3.5.5.9

▶NVDpassster_project/passter< 3.5.5.9

🔴Vulnerability Details

CVEList

Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access↗2023-01-23

▶

GHSA

GHSA-c58r-vwf8-vx95: The Passster WordPress plugin before 3↗2023-01-23

▶

💥Exploits & PoCs

Exploit-DB

osTicket 1.14.2 - SSRF↗2021-01-19

▶