The Gutenberg Template Library & Redux Framework plugin <...
Moderate severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jul 19, 2023
Description
Published by the National Vulnerability Database
Sep 2, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jul 19, 2023
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the
includes
function inredux-core/class-redux-core.php
that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’sAUTH_KEY
concatenated with theSECURE_AUTH_KEY
.References