Unrated severity · NVD Advisory · Published Sep 20, 2021 · Updated Aug 3, 2024
Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
CVE-2021-24635
Description
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and displays the CSRF nonce to all authenticated users, allowing any authenticated user (such as a subscriber) to call them and 1) get and search through the title and content of draft posts, 2) get the title of a password-protected post, and 3) upload an image from a URL.
Affected products
- WordPress/Visual Link Preview
- Range: <2.2.3
References
- wpscan.com/vulnerability/854b23d9-e3f8-4835-8d29-140c580f11c9 (mitre, x_refsource_MISC)