Arbitrary Post Meta Field Modification Vulnerability in Image Source Control WordPress Plugin
CVE-2021-24781 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)
Learn more about our Wordpress Pen Testing.