CVE-2021-24215

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

EPSS 9.7%CWE-284

Vexday Risk Score

18Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 9.7%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

12 Apr 2021Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

Affected products

Unknown · Controlled Admin Access

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPress%5D-%5BCWE-284%5D-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20