CVE-2021-24739
Logo Carousel < 3.4.2 - Unauthorised Private Post Access
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →