cve/2021/CVE-2021-38312.md
2025-09-29 21:09:30 +02:00


### [CVE-2021-38312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38312)
![](https://img.shields.io/static/v1?label=Product&message=Gutenberg%20Template%20Library%20%26%20Redux%20Framework&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.2.11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-280%20Improper%20Handling%20of%20Insufficient%20Permissions%20or%20Privileges&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brightgreen)
### Description
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability, which is granted to lower-privileged users such as contributors, so those users could install arbitrary plugins from the WordPress repository and edit arbitrary posts through these endpoints.
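The following is an added illustration of the pattern the description names, not the plugin's own code from class-api.php: a REST route whose `permission_callback` only tests the broad `edit_posts` capability, beside a hardened route that checks the per-post `edit_post` meta-capability for the post actually being modified. The route namespace, endpoint paths, parameter names and callback function are assumed for the example.

```php
<?php
// Added example (not the plugin's class-api.php code). Namespace,
// paths, parameter names and the callback name are assumed.

add_action( 'rest_api_init', function () {
    // Weak: 'edit_posts' is granted to contributors, so any contributor
    // passes this check and reaches a callback that edits ANY post.
    register_rest_route( 'example/v1', '/templates/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_post_content',
        'permission_callback' => function () {
            return current_user_can( 'edit_posts' );
        },
        'args' => array( 'id' => array( 'validate_callback' => 'is_numeric' ) ),
    ) );

    // Hardened: check the meta-capability for the specific post. WordPress
    // maps 'edit_post' to edit_others_posts / edit_published_posts as
    // appropriate, so a contributor can only touch their own drafts.
    // An endpoint that installs plugins would instead require
    // current_user_can( 'install_plugins' ), which contributors lack.
    register_rest_route( 'example/v1', '/templates-hardened/(?P<id>\d+)', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_post_content',
        'permission_callback' => function ( WP_REST_Request $request ) {
            $post_id = (int) $request['id'];
            return get_post( $post_id ) && current_user_can( 'edit_post', $post_id );
        },
        'args' => array( 'id' => array( 'validate_callback' => 'is_numeric' ) ),
    ) );
} );

// Shared callback: writes the submitted content into the given post.
// The authorization decision is made entirely by permission_callback,
// which is why a broad check there is the whole bug.
function example_update_post_content( WP_REST_Request $request ) {
    $post_id = (int) $request['id'];
    $result  = wp_update_post( array(
        'ID'           => $post_id,
        'post_content' => wp_kses_post( (string) $request->get_param( 'content' ) ),
    ), true );
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    return rest_ensure_response( array( 'updated' => $post_id ) );
}
```

When reviewing REST routes, compare each `permission_callback` against what the callback can actually do; the capability checked must be at least as strong as the most privileged action the endpoint performs.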
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates