ID

VAR-202202-1201


CVE

CVE-2021-24775


TITLE

Document Embedder WordPress plugin: resource disclosure vulnerability in the wrong area

Trust: 0.8

sources: JVNDB: JVNDB-2022-004593

DESCRIPTION

The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint that could allow unauthenticated users to enumerate the titles of arbitrary private and draft posts. The Document Embedder WordPress plugin contains a resource disclosure vulnerability in the wrong area. Information may be obtained. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin for WordPress.

Trust: 1.71

sources: NVD: CVE-2021-24775 // JVNDB: JVNDB-2022-004593 // VULHUB: VHN-383496

AFFECTED PRODUCTS

vendor: bplugins, model: document embedder, scope: lt, version: 1.7.5

Trust: 1.0

vendor: bplugins, model: document embedder, scope: eq, version: 1.7.5

Trust: 0.8

vendor: bplugins, model: document embedder, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004593 // NVD: CVE-2021-24775

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24775
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-24775
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-049
value: MEDIUM

Trust: 0.6

VULHUB: VHN-383496
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-24775
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-383496
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24775
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-24775
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-383496 // JVNDB: JVNDB-2022-004593 // CNNVD: CNNVD-202202-049 // NVD: CVE-2021-24775

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype: Leakage of resources to the wrong area (CWE-668) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-383496 // JVNDB: JVNDB-2022-004593 // NVD: CVE-2021-24775

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-049

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-049

PATCH

title: Document Embedder, url: https://wordpress.org/plugins/document-emberdder/

Trust: 0.8

title: WordPress plugin Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184755

Trust: 0.6

sources: JVNDB: JVNDB-2022-004593 // CNNVD: CNNVD-202202-049

EXTERNAL IDS

db: NVD, id: CVE-2021-24775

Trust: 3.3

db: JVNDB, id: JVNDB-2022-004593

Trust: 0.8

db: CNNVD, id: CNNVD-202202-049

Trust: 0.6

db: CNVD, id: CNVD-2022-73200

Trust: 0.1

db: VULHUB, id: VHN-383496

Trust: 0.1

sources: VULHUB: VHN-383496 // JVNDB: JVNDB-2022-004593 // CNNVD: CNNVD-202202-049 // NVD: CVE-2021-24775

REFERENCES

url:https://wpscan.com/vulnerability/c6f24afe-d273-4f87-83ca-a791a385b06b

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-24775

Trust: 1.4

sources: VULHUB: VHN-383496 // JVNDB: JVNDB-2022-004593 // CNNVD: CNNVD-202202-049 // NVD: CVE-2021-24775

SOURCES

db: VULHUB, id: VHN-383496
db: JVNDB, id: JVNDB-2022-004593
db: CNNVD, id: CNNVD-202202-049
db: NVD, id: CVE-2021-24775

LAST UPDATE DATE

2024-08-14T14:02:45.741000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-383496, date: 2022-02-04T00:00:00
db: JVNDB, id: JVNDB-2022-004593, date: 2023-04-20T02:58:00
db: CNNVD, id: CNNVD-202202-049, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-24775, date: 2022-02-04T17:50:40.483

SOURCES RELEASE DATE

db: VULHUB, id: VHN-383496, date: 2022-02-01T00:00:00
db: JVNDB, id: JVNDB-2022-004593, date: 2023-04-20T00:00:00
db: CNNVD, id: CNNVD-202202-049, date: 2022-02-01T00:00:00
db: NVD, id: CVE-2021-24775, date: 2022-02-01T13:15:08.580