CVE-2021-24215

Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation

EPSS 9.7%CWE-284

Vexday Risk Score

18Baixo

Decisão SSVC (CISA)

Attend

PoC disponível → acompanhar de perto

CVSS —EPSS 9.7%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

12 abr 2021Publicada no NVD

Recomendação: Planejar correção próxima — já existe PoC pública.

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

Produtos afetados

Unknown · Controlled Admin Access

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPress%5D-%5BCWE-284%5D-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20