CVE-2021-24227
Patreon WordPress < 1.7.0 - Unauthenticated Local File Disclosure
Severity: HIGH. Exploited in the wild. Nuclei template available.
Exploitation Summary
CVE-2021-24227 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that can be triggered by any unauthenticated visitor to the site. An attacker can use it to read sensitive internal files such as wp-config.php, which holds the database credentials and the authentication keys and salts WordPress uses to generate nonces and cookies. The impact is read-only disclosure (the CVSS vector scores confidentiality High with no integrity or availability impact), even though the Nuclei template below is titled "Local File Inclusion". Because exploitation has been observed in the wild, a site that ran a vulnerable version should not only update to 1.7.0 or later but also treat wp-config.php as exposed: rotate the database password and regenerate the keys and salts, which invalidates existing sessions.
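As an added example (not code from the advisory, the Nuclei template, or the Patreon plugin), here is a small Python triage helper for the two checks a responder needs after reading the description above: is the installed plugin in the affected range (< 1.7.0, the only plugin-specific fact this page provides), and does a response body you already captured look like a leaked wp-config.php. The vulnerable endpoint and parameter are not on this page, so the helper does not make any request; it takes a plugin header and a response body as input. The sample header and bodies are constructed for the example.

```python
import re

# Added example; not from the advisory, WPScan, Jetpack or the Patreon plugin.
# Plugin versions strictly below this tuple are in the affected range (< 1.7.0).
FIXED_VERSION = (1, 7, 0)

# wp-config.php constants whose exposure matters: database credentials plus the
# authentication keys and salts WordPress uses for cookies and nonces.
SENSITIVE_DEFINES = {
    "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST",
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
}

# define( 'NAME', 'value' ) with either quote style; group 2 is the quote reused via \2.
_DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]\s*,\s*(['"])(.*?)\2\s*\)""",
    re.S,
)
# "Version:" field of a standard WordPress plugin header comment block.
_VERSION_HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M)


def parse_version(text):
    """'1.6.2' -> (1, 6, 2); missing components are padded with 0, non-numeric tails dropped."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version):
    """True when the installed plugin version is below the fixed release 1.7.0."""
    return parse_version(version) < FIXED_VERSION


def plugin_version_from_header(php_source):
    """Read the 'Version:' line of a plugin's header comment; None if not present."""
    m = _VERSION_HEADER_RE.search(php_source)
    return m.group(1) if m else None


def leaked_secrets(body):
    """Map each sensitive define found in a response body to the length of its value.
    Only lengths are kept so a scan report never re-leaks the secret itself."""
    found = {}
    for name, _quote, value in _DEFINE_RE.findall(body):
        if name in SENSITIVE_DEFINES:
            found[name] = len(value)
    return found


def looks_like_wp_config(body):
    """Heuristic: any DB credential or auth key/salt in the body means wp-config.php leaked."""
    return bool(leaked_secrets(body))


def triage(plugin_header, response_body):
    """Combine the version check and the response check into one verdict."""
    version = plugin_version_from_header(plugin_header)
    return {
        "version": version,
        "version_affected": is_affected(version) if version else None,
        "config_leaked": looks_like_wp_config(response_body),
        "exposed_defines": sorted(leaked_secrets(response_body)),
    }


# Constructed sample inputs (not captured from any real site).
SAMPLE_PLUGIN_HEADER = """<?php
/*
 * Plugin Name: Example Plugin
 * Version: 1.6.0
 */
"""

SAMPLE_LEAKED_BODY = """<?php
define( 'DB_NAME', 'wp_example' );
define( 'DB_USER', 'wp_user' );
define( 'DB_PASSWORD', 'hunter2' );
define( 'DB_HOST', 'localhost' );
define( "AUTH_KEY", "aaaa bbbb cccc" );
define( 'WP_DEBUG', false );
"""

SAMPLE_CLEAN_BODY = "<html><body>Not Found</body></html>"

if __name__ == "__main__":
    print(triage(SAMPLE_PLUGIN_HEADER, SAMPLE_LEAKED_BODY))
    print(triage(SAMPLE_PLUGIN_HEADER, SAMPLE_CLEAN_BODY))
```

The report deliberately records only the length of each exposed value: a scanner that copies the database password or AUTH_KEY into its findings has just created a second leak. Feed `leaked_secrets` the body returned by whatever request the Nuclei template or your own reproduction makes, and if anything comes back, rotate those values rather than only patching.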
Nuclei Templates (1)
Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion (HIGH, by theamanrawat)
References (2)
https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016 (Third Party Advisory; x_refsource_confirm)
https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/ (Exploit, Third Party Advisory; x_refsource_misc)
Scores
CVSS v3: 7.5 (HIGH)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
EPSS: 0.0588 (percentile 92.3%)
Details
VulnCheck KEV: 2023-12-24
CWE: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
Status: published
Products (1): patreon/patreon_wordpress < 1.7.0
Published: Apr 12, 2021
Tracked Since: Feb 18, 2026