CVE-2021-38314: Medium Vulnerability in Redux Gutenberg Template Library & Redux Framework

The Redux Gutenberg Template Library & Redux Framework plugin for WordPress has a medium-severity vulnerability that allows unauthenticated users to exploit certain AJAX actions. Organizations are advised to address this issue to prevent unauthorized access to sensitive information.

MEDIUM · Public Exploit · CVSS 5.3 · Published September 2, 2021

Versions of the Gutenberg Template Library & Redux Framework plugin for WordPress up to 4.2.11 contain a medium-severity vulnerability that allows unauthenticated users to access several AJAX actions. These actions are unique to a given site but are predictable, because they rely on an md5 hash of the site URL combined with a known salt value. This vulnerability allows attackers to retrieve sensitive information, including a list of active plugins, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.

With a CVSS score of 5.3, this vulnerability poses a moderate risk to organizations using the affected plugin. The exploitability is classified as critical due to the potential for unauthorized access to sensitive site configurations and keys. Organizations should prioritize remediation to mitigate risks associated with this vulnerability.

The vulnerability was published on September 2, 2021, and has since been modified, indicating ongoing concerns related to its exploitation. Current exploitation status shows that a public proof of concept (PoC) is available, which further emphasizes the urgency for organizations to address this issue.

Organizations should prioritize patching immediately. Monitoring and logging practices should be reinforced to detect any unauthorized access attempts that might exploit this vulnerability.
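One way to act on the monitoring advice above, as an added example that is not code from the advisory or the plugin: a log check that flags requests to `admin-ajax.php` whose `action` value is shaped like an md5 digest. It assumes Combined Log Format access logs and that the site-specific action name appears in the query string as a 32-character hex string; the function name and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client, timestamp, request line, status (rest ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: the predictable action name is a bare md5 hex digest.
MD5_SHAPED = re.compile(r'^[0-9a-fA-F]{32}$')

def hash_named_ajax_hits(lines):
    """Return {client_ip: [(timestamp, action, status), ...]} for requests to
    admin-ajax.php whose `action` value is shaped like an md5 hex digest."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        for action in parse_qs(url.query).get("action", []):
            if MD5_SHAPED.match(action):
                hits[m["ip"]].append((m["ts"], action.lower(), int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, made-up hash values).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Sep/2021:10:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.7 - - [02/Sep/2021:10:15:03 +0000] "GET /wp-admin/admin-ajax.php?action=FEDCBA9876543210FEDCBA9876543210&x=1 HTTP/1.1" 200 48 "-" "curl/7.68.0"',
    '203.0.113.20 - - [02/Sep/2021:10:16:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [02/Sep/2021:10:16:05 +0000] "GET /index.php?action=0123456789abcdef0123456789abcdef HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    'malformed line',
]

if __name__ == "__main__":
    for ip, events in hash_named_ajax_hits(SAMPLE_LOG).items():
        print(ip, len(events), "hash-named AJAX request(s)")
        for ts, action, status in events:
            print("   ", ts, action, status)
```

Access logs record only the query string, so requests that carry `action` in a POST body need WAF or application-level logging to be seen.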

For organizations not yet patched, it is advisable to schedule remediation at the earliest opportunity, considering the critical nature of the exploitability and the potential for sensitive information exposure.

This vulnerability allows for the exploitation of predictable AJAX actions, which can lead to significant security concerns if not addressed promptly.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
