
CVE-2021-24195 Login as User or Customer (User Switching) < 1.9 - Arbitrary Plugin Installation/Activation via Low Privilege User

2021-05-14 11:38:16
CWE-285
WPScan
www.cve.org
cve-2021-24195
login bypass
arbitrary plugin installation
low privilege user
wordpress plugin
rce vulnerability

AI Score: 8.9 (Confidence: High)

EPSS: 0.001 (Percentile: 44.7%)

Low-privileged users can use the AJAX action ‘cp_plugins_do_button_job_later_callback’ in the Login as User or Customer (User Switching) WordPress plugin before 1.8 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins on the blog. This lets attackers install vulnerable plugins and could lead to more critical vulnerabilities such as RCE.

CNA Affected

[
  {
    "product": "Login as User or Customer (User Switching)",
    "vendor": "wp-buy",
    "versions": [
      {
        "lessThan": "1.8",
        "status": "affected",
        "version": "1.8",
        "versionType": "custom"
      }
    ]
  }
]
