Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-24892
HistoryNov 23, 2021 - 8:15 p.m.

CVE-2021-24892

2021-11-2320:15:10
Google
osv.dev
5

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

JSON

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user’s email address and request for reset password, which could lead to take over of WordPress’s administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress’s user and use such user to authenticate with WordPress in order to exploit the vulnerable edit function.

Related

nvd 1
cvelist 1
cve 1
patchstack 2
prion 1
nvd
nvd
CVE-2021-24892
2021-11-23 20:15:10
cvelist
cvelist
CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR
2021-11-23 19:16:23
cve
cve
CVE-2021-24892
2021-11-23 20:15:10
patchstack
patchstack
WordPress Advanced Forms Pro premium plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability
2021-10-21 00:00:00
WordPress Advanced Forms plugin <= 1.6.8 - Arbitrary User Email Address Update via IDOR vulnerability
2021-10-21 00:00:00
prion
prion
Design/Logic Flaw
2021-11-23 20:15:00

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.9%

JSON
Related for OSV:CVE-2021-24892
nvd1cvelist1cve1patchstack2prion1