4.3
CVE-2021-25084
- EPSS 0.17%
- Veröffentlicht 07.02.2022 16:15:44
- Zuletzt bearbeitet 21.11.2024 05:54:19
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdvanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example
Mögliche Gegenmaßnahme
Advanced Cron Manager – debug & control: Update to version 2.4.2, or a newer patched version
Advanced Cron Manager Pro: Update to version 2.4.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced Cron Manager – debug & control
Version
[*, 2.4.2)
SystemWordPress Plugin
≫
Produkt
Advanced Cron Manager Pro
Version
[*, 2.4.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bracketspace ≫ Advanced Cron Manager SwEdition- SwPlatformwordpress Version < 2.4.2
Bracketspace ≫ Advanced Cron Manager SwEditionpro SwPlatformwordpress Version < 2.5.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.389 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.