CVE-2021-24227

HIGH EXPLOITED NUCLEI

Patreon WordPress < 1.7.0 - Information Disclosure

Description

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.

Nuclei Templates (1)

Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion
HIGH by theamanrawat

Scores

CVSS v3 7.5
EPSS 0.3869
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-24
CWE CWE-200
Status published
Products (1)
patreon/patreon_wordpress < 1.7.0
Published Apr 12, 2021
Tracked Since Feb 18, 2026