Lucene search

WordfenceCVELIST:CVE-2021-4360

HistoryJun 07, 2023 - 1:51 a.m.

CVE-2021-4360

2023-06-0701:51:29

Wordfence

www.cve.org

controlled admin access

wordpress

privilege escalation

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.

CNA Affected

[
  {
    "vendor": "waseem_senjer",
    "product": "Controlled Admin Access",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThan": "1.5.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/

plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt

wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c

www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for CVELIST:CVE-2021-4360