{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T05:33:19.233","vulnerabilities":[{"cve":{"id":"CVE-2021-38314","sourceIdentifier":"security@wordfence.com","published":"2021-09-02T17:15:09.777","lastModified":"2024-11-21T06:16:46.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`."},{"lang":"es","value":"El plugin Gutenberg Template Library &amp; Redux Framework versiones anteriores a 4.2.11 incluyéndola para WordPress, registraba varias acciones AJAX disponibles para usuarios no autenticados en la función \"includes\" en el archivo \"redux-core/class-redux-core.php\" que eran únicas para un sitio determinado pero deterministas y predecibles dado que se basaban en un hash md5 de la URL del sitio con un valor de salt conocido de \"-redux\" y un hash md5 del hash anterior con un valor de salt conocido de \"-support\". Estas acciones AJAX podrían ser usadas para recuperar una lista de plugins activos y sus versiones, la versión PHP del sitio, y un hash md5 sin salt de la \"AUTH_KEY\" del sitio concatenada con la \"SECURE_AUTH_KEY\""}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-760"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-916"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redux:gutenberg_template_library_\\&_redux_framework:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"4.2.11","matchCriteriaId":"8A4CBC31-7B53-462B-B51E-385476AF1E0E"}]}]}],"references":[{"url":"https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/","source":"security@wordfence.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}