Unrated severityNVD Advisory· Published Apr 12, 2021· Updated Aug 3, 2024
AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
CVE-2021-24226
Description
In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/AccessAllydescription
- Range: <3.5.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.