History: Nov 24, 2021 - 4:19 p.m.

CVE-2021-36917 WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability

2021-11-24 16:19:08
CWE-284
Patchstack
www.cve.org
cve-2021-36917
wordpress
hide my wp
plugin
vulnerability
unauthenticated user
deactivation

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS: 0.004
Percentile: 74.6%

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.

CNA Affected

[
  {
    "product": "Hide My WP (WordPress plugin)",
    "vendor": "wpWave",
    "versions": [
      {
        "lessThanOrEqual": "6.2.3",
        "status": "affected",
        "version": "<= 6.2.3",
        "versionType": "custom"
      }
    ]
  }
]
