Security for everyone

CVE-2021-38314 Scanner

Detects the 'Information Disclosure' vulnerability in the Gutenberg Template Library & Redux Framework plugin for WordPress, which affects v. 4.2.11 and before.


Short Info


Level: Medium

Type: Single Scan

Can be used by: Asset Owner

Estimated Time: 10 sec

Scan only one: Domain, IPv4

Parent Category

CVE-2021-38314 Scanner Detail

The Gutenberg Template Library & Redux Framework plugin for WordPress is a popular tool that enables users to develop custom WordPress themes and plugins quickly. It provides an extensive range of pre-built blocks and templates, making it simpler for developers to construct their designs. The plugin offers a simple, drag-and-drop interface that allows users to create complex layouts without coding knowledge. 

Recently, a critical vulnerability was detected in this plugin that allows unauthorized access to sensitive data. The CVE-2021-38314 vulnerability occurs when an attacker exploits a specific AJAX function that is available to unauthenticated users. An attacker can use these AJAX actions to obtain a list of active plugins and their versions, the site's PHP version, and an unsalted MD5 hash of the site's `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.

This vulnerability can lead to severe consequences when exploited, allowing hackers to gain access to the site's sensitive information. With this data, they can launch further attacks, exploit the WordPress core, and create privileged arbitrary files remotely. They can alter the site's content, add malware, and execute other malicious actions on the compromised system.
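To check whether an installed copy falls in the affected range stated above (v. 4.2.11 and before) without sending any request to the site, the following added example (not part of the original page or of the plugin's code) reads the `Version:` line from the header of a plugin's main PHP file and compares it numerically. The function names and the sample header are constructed for illustration.

```python
import re

# Last affected release as stated on the page ("v. 4.2.11 and before").
LAST_AFFECTED = (4, 2, 11)

# WordPress takes a plugin's version from the "Version:" line in the header
# comment of its main PHP file.
_VERSION_LINE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample header, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Example Plugin (constructed sample)
 * Version: 4.2.9
 */
"""


def plugin_version(header_text):
    """Return the version string from a plugin header, or None if absent."""
    match = _VERSION_LINE.search(header_text)
    return match.group(1) if match else None


def version_tuple(version):
    """Turn '4.2.9' into (4, 2, 9); None if it has no leading number."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    if not parts:
        return None
    # Pad so that '4.2' compares as 4.2.0.
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(header_text):
    """True if <= 4.2.11, False if newer, None if the version is unreadable."""
    version = plugin_version(header_text)
    parsed = version_tuple(version) if version else None
    if parsed is None:
        return None
    # Numeric comparison: as plain strings, "4.2.9" would sort after "4.2.11".
    return parsed <= LAST_AFFECTED


if __name__ == "__main__":
    print(plugin_version(SAMPLE_HEADER), is_affected(SAMPLE_HEADER))
```

A `None` result means the header could not be read and the installed version should be confirmed manually.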

In conclusion, by subscribing to Security for Everyone, individuals can mitigate risks to their digital assets and protect themselves from the latest vulnerabilities. As Security for Everyone continuously updates and scans its clients' digital assets, users will have access to real-time protection against the latest vulnerabilities and cyber threats. Don't wait until it's too late; subscribe to Security for Everyone now for robust protection.

 
