CVE-2021-24649
CVSS V2 None
CVSS V3 Critical 9.8
Description
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin
Overview
- CVE ID
- CVE-2021-24649
- Assigner
- contact@wpscan.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-11-21T11:15:12
- Last Modified Date
- 2022-11-23T15:43:39
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:wedevs:wp_user_frontend:*:*:*:*:*:wordpress:*:* | 1 | OR | 3.5.29 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 9.8
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://wpscan.com/vulnerability/9486744e-ab24-44e4-b06e-9e0b4be132e2 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-24649 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24649 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-11-21 12:00:15 | Added to TrackCVE | |||
| 2022-12-07 17:56:25 | 2022-11-21T11:15Z | 2022-11-21T11:15:12 | CVE Published Date | updated |
| 2022-12-07 17:56:25 | 2022-11-23T15:43:39 | CVE Modified Date | updated | |
| 2022-12-07 17:56:25 | Analyzed | Vulnerability Status | updated | |
| 2022-12-07 17:56:26 | CPE Information | updated |