CVE-2021-38314

MEDIUM NUCLEI

Gutenberg Template Library & Redux Framework <= 4.2.11 - Sensitive Information Exposure


Exploitation Summary

EIP tracks 7 public exploits for CVE-2021-38314. PoCs published by orangmuda, phrantom, akhilkoradiya. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits an unauthenticated sensitive information disclosure vulnerability in Redux Framework by chaining MD5-based key generation and remote code verification to leak sensitive data via WordPress admin-ajax.php.

Description

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php`. The action names were unique to a given site but deterministic and predictable, because they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.

Exploits (7)

nomisec WORKING POC 7 stars
by orangmuda · poc
https://github.com/orangmuda/CVE-2021-38314

This PoC exploits an unauthenticated sensitive information disclosure vulnerability in Redux Framework by chaining MD5-based key generation and remote code verification to leak sensitive data via WordPress admin-ajax.php.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Redux Framework (WordPress plugin)
No auth needed
Prerequisites: WordPress site with vulnerable Redux Framework plugin
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 6 stars
by phrantom · poc
https://github.com/phrantom/cve-2021-38314

The exploit leverages predictable AJAX action names derived from MD5 hashes of the site URL to retrieve sensitive information, including active plugins, PHP version, and an unsalted MD5 hash of WordPress authentication keys. The PoC automates the process by generating the required hashes and querying the vulnerable endpoints.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress
No auth needed
Prerequisites: Target site URL · Vulnerable plugin version installed
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 4 stars
by akhilkoradiya · poc
https://github.com/akhilkoradiya/CVE-2021-38314

The repository contains a functional Python exploit for CVE-2021-38314, which targets the Gutenberg Template Library & Redux Framework plugin for WordPress. The exploit retrieves sensitive information by leveraging predictable AJAX actions based on MD5 hashes of the site URL.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress
No auth needed
Prerequisites: Target URL with vulnerable plugin installed
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 2 stars
by twseptian · poc
https://github.com/twseptian/cve-2021-38314

This repository contains a functional PHP exploit for CVE-2021-38314, which leverages predictable AJAX actions in the Redux Framework plugin to disclose sensitive information such as active plugins, PHP version, and unsalted hashes of WordPress authentication keys.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress
No auth needed
Prerequisites: Target WordPress site with vulnerable Redux Framework plugin installed
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by 0xGabe · poc
https://github.com/0xGabe/CVE-2021-38314

The repository contains a functional Python script that exploits CVE-2021-38314, an unauthenticated AJAX action vulnerability in the Gutenberg Template Library & Redux Framework plugin for WordPress. The exploit generates predictable AJAX action keys using MD5 hashing and checks for vulnerability by sending crafted requests to the target.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by c0ff33b34n · poc
https://github.com/c0ff33b34n/CVE-2021-38314

The exploit leverages predictable AJAX action names derived from MD5 hashes of the target URL to retrieve sensitive information, including active plugins, PHP version, and unsalted MD5 hashes of WordPress authentication keys. It automates the process of generating the required hashes and querying the vulnerable endpoints.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WordPress Gutenberg Template Library & Redux Framework plugin <= 4.2.11
No auth needed
Prerequisites: Target URL · Access to the WordPress admin-ajax.php endpoint
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by shubhayu-64 · poc
https://github.com/shubhayu-64/CVE-2021-38314

This PoC exploits an unauthenticated sensitive information disclosure vulnerability in Redux Framework by generating a predictable hash and fetching sensitive data via an AJAX endpoint. The script automates the process of retrieving the disclosure code from Redux's verification server.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Redux Framework (WordPress plugin)
No auth needed
Prerequisites: Target must have Redux Framework installed and vulnerable
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

WordPress Redux Framework <=4.2.11 - Information Disclosure
MEDIUM · by meme-lord

Scores

CVSS v3 5.3
EPSS 0.2756
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200 CWE-916 CWE-760
Status published
Products (1)
redux/gutenberg_template_library_\&_redux_framework < 4.2.11
Published Sep 02, 2021
Tracked Since Feb 18, 2026