CVE-2021-24819— Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

EPSS 0.19% · P40 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-24819

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress 插件安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress是WordPress（Wordpress）基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 的Page/Post Content Shortcode 插件 1.0及之前版本存在安全漏洞，该漏洞源于未适当的授权。攻击者可利用该漏洞访问不应允许访问的草稿/私人/密码保护/垃圾帖子/页面，包括管理员和编辑等其他用户创建的帖子。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Unknown	Page/Post Content Shortcode	1.0 ~ 1.0	-

II. Public POCs for CVE-2021-24819

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-24819

请登录查看更多情报信息。

Same Patch Batch · Unknown · 2021-12-13 · 34 CVEs total

CVE-2021-24790		Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls
CVE-2021-24855		Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24848		Mediamatic < 2.8.1 - Subscriber+ SQL Injection
CVE-2021-24845		Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
CVE-2021-24836		Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update
CVE-2021-24818		WP Limits <= 1.0 - Plugin's Settings Update via CSRF
CVE-2021-24817		Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24795		Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF
CVE-2021-24792		Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
CVE-2021-24857		ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection
CVE-2021-24784		WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF
CVE-2021-24782		Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting
CVE-2021-24780		Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
CVE-2021-24771		Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting
CVE-2021-24756		WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting
CVE-2021-24747		SEO Booster < 3.8 - Admin+ SQL Injection
CVE-2021-24705		NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF
CVE-2021-24972		Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting
CVE-2021-24859		User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access
CVE-2021-24861		Quotes Collection <= 2.5.2 - Admin+ SQL Injection

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: Unknown

Same weakness: CWE-863

V. Comments for CVE-2021-24819

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-24819— Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access

I. Basic Information for CVE-2021-24819

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-24819

III. Intelligence Information for CVE-2021-24819

Same Patch Batch · Unknown · 2021-12-13 · 34 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-24819

Leave a comment