CVE-2021-24546: Code Injection
First published: Mon Oct 11 2021(Updated: )
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Extendify Editorskit | <1.31.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Gutenberg Block Editor Toolkit vulnerability?
The vulnerability ID for this Gutenberg Block Editor Toolkit vulnerability is CVE-2021-24546.
What is the severity of CVE-2021-24546?
The severity of CVE-2021-24546 is high with a severity value of 8.8.
What is affected by CVE-2021-24546?
The Gutenberg Block Editor Toolkit before version 1.31.6 is affected by CVE-2021-24546.
What is the description of CVE-2021-24546?
CVE-2021-24546 describes a vulnerability in the Gutenberg Block Editor Toolkit WordPress plugin that allows users with a low contributor role to execute arbitrary PHP code.
How can I fix the CVE-2021-24546 vulnerability?
To fix the CVE-2021-24546 vulnerability, update the Gutenberg Block Editor Toolkit WordPress plugin to version 1.31.6 or later.
- collector/nvd-index
- vendor/extendify
- canonical/extendify editorskit