CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/2640161	Patch Third Party Advisory
https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727	Exploit Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:publishpress:capabilities:::::pro:wordpress::
	cpe:2.3:a:publishpress:capabilities:::::-:wordpress::

Information

Published : 2022-01-10 08:15

Updated : 2022-12-09 10:13

NVD link : CVE-2021-25032

Mitre link : CVE-2021-25032

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization

Advertisement

Products Affected

publishpress

capabilities

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://plugins.trac.wordpress.org/changeset/2640161", "name": "https://plugins.trac.wordpress.org/changeset/2640161", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727", "name": "https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-25032", "ASSIGNER": "contact@wpscan.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-01-10T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:publishpress:capabilities:*:*:*:*:pro:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.1"}, {"cpe23Uri": "cpe:2.3:a:publishpress:capabilities:*:*:*:*:-:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.3.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-12-09T18:13Z"}