CVE-2021-24215

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

EPSS 9.7%CWE-284

Vexday Risk Score

18Bajo

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS —EPSS 9.7%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

12 abr 2021Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

Productos afectados

Unknown · Controlled Admin Access

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPress%5D-%5BCWE-284%5D-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20