Arbitrary Post Meta Field Modification Vulnerability in Image Source Control WordPress Plugin

Arbitrary Post Meta Field Modification Vulnerability in Image Source Control WordPress Plugin

CVE-2021-24781 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)

Learn more about our Wordpress Pen Testing.