cleantalk
Vulnerabilities and Security Researches

WP Mail Logging, CVE-2021-38314

CVE, Research URL

CVE-2021-38314

Home page URL

Security reports for WP Mail Logging

Application

WP Mail Logging

Published on
Sep 02, 2021
Research Description
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.
Affected versions
Min -, max 1.11.0.
Status
vulnerable
Previous vulnerability researches
Redux Framework , Aug 28, 2025
Redux Framework (CVE-2024-6828) , Jul 23, 2024
Redux Framework (CVE-2021-38314) , Jun 07, 2024
Redux Framework (CVE-2021-38312) , Jun 07, 2024
New vulnerability
Tiktok Feed &#8211; Best TikTok feed plugin for WordPress (CVE-2025-54710) , Aug 29, 2025
GiveWP &#8211; Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor &#8211; FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025