CVE-2021-38314: CWE-200 Information Exposure in Redux.io Gutenberg Template Library & Redux Framework
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`.
AI Analysis
Technical Summary
CVE-2021-38314 is a medium-severity information exposure (CWE-200) in the Gutenberg Template Library & Redux Framework WordPress plugin, affecting version 4.2.11 and earlier. The `includes` function in `redux-core/class-redux-core.php` registers several AJAX actions for unauthenticated users (the `wp_ajax_nopriv_` family, reachable through `wp-admin/admin-ajax.php` with an `action` parameter). The action names are unique per site but not secret: the first is the MD5 of the site URL concatenated with the fixed string '-redux', and the second is the MD5 of that hex digest concatenated with the fixed string '-support'. Because both "salts" are constants shipped in the plugin and the site URL is public, anyone can compute the two names for any target and call the endpoints without an account. The responses disclose the list of active plugins with their versions, the PHP version, and an unsalted MD5 of the site's `AUTH_KEY` concatenated with `SECURE_AUTH_KEY`. The plugin and PHP versions are a ready-made fingerprint for matching the site against known vulnerabilities. The key hash is the more sensitive item: it is a fixed, unkeyed digest that can be attacked offline with no further interaction with the site. Guessing properly generated keys (64 random characters each) is not feasible, but the hash immediately reveals whether a site still runs default placeholder keys or a weak, reused pair, and it lets an attacker verify key material obtained from any other leak. The flaw permits no data modification or code execution; it leaks configuration details that lower the site's security posture. The CVSS 3.1 base score is 5.3 (medium): network attack vector, low complexity, no privileges or user interaction, and low confidentiality impact with no integrity or availability impact. No exploitation in the wild had been reported at the time of this analysis.
Potential Impact
For European organizations running WordPress with the affected plugin version, the risk is moderate. The endpoints return exactly the data an attacker needs for targeted follow-up: the active plugin list with versions and the PHP version point directly at any unpatched plugin or outdated runtime on the host, replacing noisy fingerprinting with a single unauthenticated request. The leaked MD5 of `AUTH_KEY` and `SECURE_AUTH_KEY` does not by itself allow account takeover, but it gives the attacker an offline oracle for the site's core secrets: a site still on default or weak keys is identifiable at once, and any key material obtained later can be verified silently. Combined with other flaws in the fingerprinted plugins, this reconnaissance can escalate to privilege escalation, content injection or site defacement. Public-facing and internal WordPress portals in government, finance, healthcare and e-commerce are the main concern; a breach that starts from this disclosure brings reputational damage, confidentiality risk for personal data and compliance obligations under GDPR.
Mitigation Recommendations
Upgrade the Gutenberg Template Library & Redux Framework plugin to a version later than 4.2.11, where the vulnerable actions are no longer exposed. Where an upgrade must wait, block the endpoints at the WAF or web server: the action names differ per site, so either compute the two MD5 values for your own site URL and deny requests to `admin-ajax.php` carrying those `action` values, or deny any unauthenticated `admin-ajax.php` request whose `action` is a bare 32-character hexadecimal string (an unusual shape for a legitimate action name; check your own logs for false positives before enforcing). Treat the hash of `AUTH_KEY` and `SECURE_AUTH_KEY` as exposed and rotate both keys, along with the rest of the `wp-config.php` key and salt set; rotating them invalidates every existing login cookie, so schedule the change and warn users. Make sure the new values are not placeholders such as 'put your unique phrase here'. Audit installed plugins regularly, remove unused ones, and use a security plugin that flags installed versions with known vulnerabilities. For detection, search web server logs for GET requests to `admin-ajax.php` whose `action` matches the site's two computed names or the 32-hex pattern; a POST carries the `action` in the request body, which standard access logs do not record, so application-level or WAF logging is needed to see those probes. Finally, least-privilege WordPress roles and hardened PHP settings limit what an attacker gains from any follow-up exploit.
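As a worked example of both the action-name derivation described in the technical summary and the log check suggested above, the following Python (added here; not code from the Redux plugin or from the advisory) computes a site's two action names and scans constructed access-log lines for calls to them. The two salt strings and the chained MD5 come from the advisory; the exact form of the hashed site URL, which name serves which data, the log format and the sample addresses are assumptions made for the example.

```python
"""Derive the per-site Redux AJAX action names and flag probes for them in
web server access logs. Added example, not code from the Redux plugin or the
advisory. The salt strings and md5-of-md5 chaining come from the advisory;
everything else here is an assumption."""
import hashlib
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

REDUX_SALT = "-redux"      # from the advisory
SUPPORT_SALT = "-support"  # from the advisory

# 32 lowercase hex characters: the shape of an md5 hex digest used as an action name.
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Combined/common log format: client, timestamp, request target and status are enough here.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def redux_action_names(site_url: str) -> dict:
    """Return the two deterministic action names for a site.

    Assumption (not stated in the advisory): the hashed input is the site URL
    exactly as WordPress stores it, e.g. "https://example.org" with no trailing
    slash. If the plugin normalises the URL differently the exact-match branch in
    classify_request() misses, but the HEX32 heuristic still fires. The advisory
    also does not say which name serves which data, so both are treated alike.
    """
    first = hashlib.md5((site_url + REDUX_SALT).encode()).hexdigest()
    second = hashlib.md5((first + SUPPORT_SALT).encode()).hexdigest()
    return {"redux": first, "support": second}


def classify_request(target: str, known_names: set) -> Optional[str]:
    """Return "exact", "hex32" or None for one request target (path + query)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    action = parse_qs(parts.query).get("action", [""])[0]
    if action in known_names:
        return "exact"   # one of this site's two derived names
    if HEX32.match(action):
        return "hex32"   # hash-shaped action name: suspicious, maybe another URL form
    return None


def scan_log(lines, site_url: str) -> list:
    """Flag access-log lines that call the derived action names.

    Only GET requests expose the action in the query string; a POST carries it in
    the body, which standard access logs do not record, so POST probes are invisible here.
    """
    known = set(redux_action_names(site_url).values())
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        kind = classify_request(m["target"], known)
        if kind:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                             "match": kind, "target": m["target"]})
    return findings


# Constructed sample log (RFC 5737 documentation addresses); the first two lines
# use the names derived for SITE so the exact-match branch is exercised.
SITE = "https://example.org"
_names = redux_action_names(SITE)
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Sep/2021:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action={_names["redux"]} HTTP/1.1" 200 118 "-" "curl/7.68.0"',
    f'203.0.113.7 - - [10/Sep/2021:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action={_names["support"]} HTTP/1.1" 200 2310 "-" "curl/7.68.0"',
    '198.51.100.4 - - [10/Sep/2021:12:00:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 52 "https://example.org/wp-admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Sep/2021:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Sep/2021:12:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=0123456789abcdef0123456789abcdef HTTP/1.1" 400 1 "-" "python-requests/2.26.0"',
]

if __name__ == "__main__":
    print("derived names:", _names)
    for hit in scan_log(SAMPLE_LOG, SITE):
        print(f'{hit["ts"]} {hit["ip"]} {hit["match"]:5} {hit["status"]} {hit["target"]}')
```

The same two derived names double as a quick exposure check on your own site: a GET to `wp-admin/admin-ajax.php?action=<name>` for each of them should come back with the body `0`, which is how WordPress core answers an action that is not registered; any other response means the action is still hooked and the plugin needs updating. The `hex32` branch exists because the exact form of the hashed URL is an assumption; it also catches probes aimed at a different normalisation of the same site URL.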
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2021-08-09T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981fc4522896dcbdc98c
Added to database: 5/21/2025, 9:08:47 AM
Last enriched: 7/7/2025, 1:11:30 AM
Last updated: 8/15/2025, 11:39:30 AM
Views: 18
Related Threats
- CVE-2025-9119: Cross Site Scripting in Netis WF2419 (Medium)
- CVE-2025-8098: CWE-276: Incorrect Default Permissions in Lenovo PC Manager (High)
- CVE-2025-53192: CWE-146 Improper Neutralization of Expression/Command Delimiters in Apache Software Foundation Apache Commons OGNL (High)
- CVE-2025-4371: CWE-347: Improper Verification of Cryptographic Signature in Lenovo 510 FHD Webcam (High)
- CVE-2025-32992: n/a (High)