AccessAlly WordPress plugin < 3.5.7 - $_SERVER Superglobal Information Leakage CVE-2021-24226 Scanner

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 10

AccessAlly WordPress plugin < 3.5.7 - $_SERVER Superglobal Information Leakage CVE-2021-24226 Scanner Detail

AccessAlly WordPress plugin versions before 3.5.7 are affected by an unauthenticated sensitive information disclosure vulnerability.

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php", which is responsible for the [accessally_order_form] shortcode, dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public-facing pages containing the [accessally_order_form] shortcode; no login or administrator role is required.
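A check a site owner can run over the saved HTML of their own order-form pages, as an added example that is not code from the scanner or from the plugin: it parses any PHP-serialized array in the body and reports the variable names when the array looks like $_SERVER. The marker list, the three-marker threshold, the HTML-unescape fallback and the sample page are assumptions made for this example.

```python
import html
import re

# Names PHP sets in $_SERVER on an ordinary web request.
SERVER_MARKERS = {"SERVER_SOFTWARE", "DOCUMENT_ROOT", "REQUEST_URI",
                  "SCRIPT_FILENAME", "REMOTE_ADDR", "SERVER_NAME"}

# Constructed sample page; the markup and every value are made up.
SAMPLE = ('<div class="order-form">a:6:{s:15:"SERVER_SOFTWARE";s:6:"Apache";'
          's:13:"DOCUMENT_ROOT";s:13:"/var/www/html";s:11:"REQUEST_URI";'
          's:7:"/order/";s:11:"DB_PASSWORD";s:7:"example";s:4:"argv";a:0:{}'
          's:12:"REQUEST_TIME";i:1617235200;}</div>')

def _parse(buf, i):
    """Parse one PHP-serialized value at buf[i]; return (value, next index)."""
    t = buf[i:i + 1]
    if t == b"N":                                  # N;
        return None, i + 2
    if t in (b"i", b"b", b"d"):                    # i:42;  b:1;  d:0.5;
        end = buf.index(b";", i)
        return buf[i + 2:end].decode(), end + 1
    if t not in (b"s", b"a"):
        raise ValueError("unsupported type")
    colon = buf.index(b":", i + 2)
    n, i = int(buf[i + 2:colon]), colon + 2        # skip :" or :{
    if t == b"s":                                  # s:<byte length>:"...";
        if buf[i + n:i + n + 2] != b'";':
            raise ValueError("length prefix does not match")
        return buf[i:i + n].decode("utf-8", "replace"), i + n + 2
    out = {}                                       # a:<count>:{key value ...}
    for _ in range(n):
        key, i = _parse(buf, i)
        out[key], i = _parse(buf, i)
    return out, i + 1                              # skip }

def find_server_dump(body):
    """Return the leaked variable names if body embeds serialize($_SERVER)."""
    for text in (body, html.unescape(body)):       # assumption: may be escaped
        buf = text.encode("utf-8")
        for m in re.finditer(rb"a:\d+:\{", buf):
            try:
                value, _ = _parse(buf, m.start())
            except (ValueError, TypeError, RecursionError):
                continue                           # not serialized data
            if len(SERVER_MARKERS & set(value)) >= 3:
                return sorted(value)
    return []
```

A non-empty result lists every variable name exposed on that page, which is the set of values to review and rotate after upgrading.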

Some Advice for Common Problems

Upgrade the AccessAlly plugin to the latest version.
