← back
CVE-2021-24633

Countdown Block < 1.1.2 - Missing Authorisation in AJAX action

EPSS 0.7%CWE-862
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.
Affected products
Unknown · Countdown Block

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/431901eb-0f95-4033-b943-324e6d3844a5