https://github.com/twseptian/cve-2021-38314

cve-2021-38314 - Unauthenticated Sensitive Information Disclosure
https://github.com/twseptian/cve-2021-38314

cve-2021-38314 wordpress wordpress-plugin

Last synced: 7 months ago
JSON representation

cve-2021-38314 - Unauthenticated Sensitive Information Disclosure

• Host: GitHub
• URL: https://github.com/twseptian/cve-2021-38314
• Owner: twseptian
• Archived: true
• Created: 2022-05-15T02:10:01.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2022-05-15T12:38:38.000Z (over 3 years ago)
• Last Synced: 2025-02-17T07:43:22.710Z (9 months ago)
• Topics: cve-2021-38314, wordpress, wordpress-plugin
• Language: PHP
• Homepage:
• Size: 103 KB
• Stars: 2
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# cve-2021-38314 - Unauthenticated Sensitive Information Disclosure

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY` [1][2]

## Source code

```php