CVE-2021-24192 Vulnerability Details

  /     /     /  

CVE-2021-24192 Metadata Quick Info

CVE Published: 14/05/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: WPScan | Vendor: wp-buy | Product: Tree Sitemap (Pages, Posts & Categories list)
Status : PUBLISHED

CVE-2021-24192 Description

Low privileged users can use the AJAX action \'cp_plugins_do_button_job_later_callback\' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: CWE-285 Improper Authorization
Source: wp-buy

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-24192 Vulnerability Details