CVE-2021-24191

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpshopmart:coming_soon_page_\&_maintenance_mode:*:*:*:*:*:wordpress:*:*

History

30 Jul 2022, 12:42

Type	Values Removed	Values Added
CWE	~~CWE-285~~	NVD-CWE-Other

24 May 2021, 20:05

Type	Values Removed	Values Added
CWE		CWE-285
References	~~(CONFIRM) https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c -~~	(CONFIRM) https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c - Exploit, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 8.8
CPE		cpe:2.3:a:wpshopmart:coming_soon_page_\&_maintenance_mode::::::wordpress::*

Information

Published : 2021-05-14 12:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-24191

Mitre link : CVE-2021-24191

CVE.ORG link : CVE-2021-24191

JSON object : View

Products Affected

wpshopmart

coming_soon_page_\&_maintenance_mode

CWE

NVD-CWE-Other CWE-285

Improper Authorization

{"id": "CVE-2021-24191", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-05-14T12:15:07.987", "references": [{"url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."}, {"lang": "es", "value": "Unos usuarios poco privilegiados pueden usar la acci\u00f3n AJAX \"cp_plugins_do_button_job_later_callback\" en el plugin de WordPress WP Maintenance Mode & Site Under Construction, versiones anteriores a 1.8.2, para instalar cualquier plugin (incluyendo una versi\u00f3n espec\u00edfica) desde el repositorio de WordPress, as\u00ed como desencadenar un plugin arbitrario desde el blog, que ayuda a los atacantes a instalar plugins vulnerables y podr\u00eda conllevar a vulnerabilidades m\u00e1s cr\u00edticas como una RCE"}], "lastModified": "2022-07-30T12:42:14.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wpshopmart:coming_soon_page_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0D842801-87F9-48E2-A635-37A0A6559842", "versionEndExcluding": "1.8.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}