CVE-2021-24227

high

Description

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.

References

https://wpscan.com/vulnerability/f62df02d-7678-440f-84a1-ddbf09364016

https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/

Details

Source: Mitre, NVD

Published: 2021-04-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.05879