CVE-2021-38314: 
WordPress vulnerability analysis and mitigation

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress contained a vulnerability (CVE-2021-38314) that affected over 1 million websites. The vulnerability was discovered in 2021 and involved several AJAX actions that were accessible to unauthenticated users. These actions were deterministic and predictable as they were based on an MD5 hash of the site URL with known salt values (Wordfence Blog, Threatpost).

The vulnerability received a CVSS v3.1 score of 5.3 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The issue stemmed from AJAX actions registered in the 'includes' function within 'redux-core/class-redux-core.php'. These actions were based on an MD5 hash of the site URL with a salt value of '-redux' and a subsequent MD5 hash with a salt value of '-support'. The vulnerability was classified under CWE-916 (Use of Password Hash With Insufficient Computational Effort) and CWE-760 (Use of a One-Way Hash with a Predictable Salt) (NVD).

The vulnerability allowed unauthorized access to sensitive information including a list of active plugins and their versions, the site's PHP version, and an unsalted MD5 hash of the site's AUTHKEY concatenated with the SECUREAUTH_KEY. While this couldn't directly lead to site takeover, the information could be valuable for planning further attacks using other vulnerable plugins (Threatpost).

The vulnerability was patched in version 4.2.13 of the Gutenberg Template Library & Redux Framework plugin. Site administrators were advised to update their installations to this version or later to protect against potential exploitation (Wordfence Blog).