CVE-2021-4448

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

CVSS 7.3 HIGHEPSS 1.3%CWE-862

Vexday Risk Score

36Atenção

Decisão SSVC (CISA)

Attend

PoC disponível → acompanhar de perto

CVSS 7.3EPSS 1.3%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

16 out 2024Publicada no NVD

Recomendação: Planejar correção próxima — já existe PoC pública.

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

SayenThemes · Kaswara Modern VC Addons

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477 https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf76527-9a11-4755-992c-02fbc1a79bae?source=cve