Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2021-38314

Published: 02/09/2021 Updated: 10/07/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Redux

Vulnerability Summary

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redux gutenberg template library \\& redux framework

Github Repositories

https://github.com/c0ff33b34n/CVE-2021-38314

Python exploit for CVE-2021-38314

Unauthenticated Sensitive Information Disclosure CVE-2021-38314 Python exploit for CVE-2021-38314 Use: python3 cve-2021-38314py wwwtargetcom The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4211 for WordPress registered several AJAX actions available to unauthenticated users in the "includes" function in "redux-core/class-redu

https://github.com/akhilkoradiya/CVE-2021-38314

CVE-2021-38314 Python Exploit

CVE-2021-38314 Python Exploit Detail The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4211 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-corephp that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site

https://github.com/phrantom/cve-2021-38314

CVE-2021-38314 Python Exploit Detail The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4211 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-corephp that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site

https://github.com/oxctdev/CVE-2021-38314

Unauthenticated Sensitive Information Disclosure (CVE-2021–38314).

CVE-2021-38314 Unauthenticated Sensitive Information Disclosure (CVE-2021–38314)

https://github.com/shubhayu-64/CVE-2021-38314

CVE-2021-38314 Unauthenticated Sensitive Information Disclosure (CVE-2021–38314)

https://github.com/0xGabe/CVE-2021-38314

Exploit in python3 to explore CVE-2021-38314 in Redux Framework a wordpress plugin

CVE-2021-38314 What is the vulnerability? The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4211 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-corephp that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the

https://github.com/twseptian/cve-2021-38314

cve-2021-38314 - Unauthenticated Sensitive Information Disclosure

cve-2021-38314 - Unauthenticated Sensitive Information Disclosure The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4211 for WordPress registered several AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-corephp that were unique to a given site but deterministic and predictable given that they were base

References

CWE-916https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/https://nvd.nist.govhttps://github.com/c0ff33b34n/CVE-2021-38314
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook