CVE-2021-25032

Published: 10/01/2022 Updated: 09/12/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The PublishPress Capabilities and PublishPress Capabilities Pro WordPress plugins prior to 2.3.1 perform neither an authorisation (capability) check nor a CSRF (nonce) check when updating the plugin's settings via the init hook, and do not verify that the options being written belong to the plugin. As a result, an unauthenticated attacker can update arbitrary blog options, such as the default role (the default_role option), so that every newly registered user is granted the administrator role.
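The bug class above, written out as an added example that is not the plugin's actual source: a settings handler hooked to init that writes request-supplied option names with no capability check, no nonce and no allowlist, beside a hardened version that adds all three. The hook callback names, the `example_settings` request parameter, the nonce action name and the option names in the allowlist are assumptions made for this illustration; the WordPress API functions (`update_option`, `current_user_can`, `check_admin_referer`, `sanitize_key`, `sanitize_text_field`, `wp_unslash`, `add_action`) are real. Note that because the vulnerable write is unrestricted, an attacker is not limited to default_role: the same request could also set users_can_register, so registration does not need to be enabled on the target beforehand.

```php
<?php
// Illustrative reconstruction of the vulnerability pattern described above.
// This is NOT PublishPress Capabilities' own code; all function, parameter
// and option names below are assumptions made for the example.

// --- Vulnerable pattern --------------------------------------------------
// init fires on every request, including anonymous front-end requests, so
// this runs for unauthenticated visitors.
function example_vulnerable_save_settings() {
    if ( empty( $_POST['example_settings'] ) || ! is_array( $_POST['example_settings'] ) ) {
        return;
    }
    // No capability check, no nonce check, no restriction on option names:
    // an unauthenticated POST carrying
    //   example_settings[users_can_register]=1
    //   example_settings[default_role]=administrator
    // is honoured, and every subsequent registration yields an administrator.
    foreach ( $_POST['example_settings'] as $name => $value ) {
        update_option( $name, $value );
    }
}
add_action( 'init', 'example_vulnerable_save_settings' );

// --- Hardened pattern ----------------------------------------------------
// Only option names owned by this (hypothetical) plugin may be written.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_plugin_enabled',
    'example_plugin_mode',
);

function example_hardened_save_settings() {
    if ( empty( $_POST['example_settings'] ) || ! is_array( $_POST['example_settings'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // 2. CSRF: require a nonce bound to this action; check_admin_referer()
    //    terminates the request if the nonce is missing or invalid.
    check_admin_referer( 'example_save_settings', 'example_settings_nonce' );

    // 3. Ownership: drop any option name outside the plugin's allowlist, and
    //    sanitise values before storing them.
    foreach ( $_POST['example_settings'] as $name => $value ) {
        $name = sanitize_key( $name );
        if ( ! in_array( $name, EXAMPLE_ALLOWED_OPTIONS, true ) ) {
            continue;
        }
        update_option( $name, sanitize_text_field( wp_unslash( $value ) ) );
    }
}
// Hooked to admin_init rather than init so it is never reached by
// front-end requests at all; the checks above still apply regardless.
add_action( 'admin_init', 'example_hardened_save_settings' );
```

The settings form for the hardened version would emit the matching nonce with `wp_nonce_field( 'example_save_settings', 'example_settings_nonce' )`. Of the three checks, the allowlist is the one that actually closes the "arbitrary options" part of this CVE: a capability and nonce check alone would still let an administrator-level form overwrite unrelated core options. When responding to a site that ran a vulnerable version, check the current values of default_role and users_can_register and review users created after the plugin was installed.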

Vulnerable Product

publishpress capabilities

Github Repositories

PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise

CVE-2021-25032 PublishPress Capabilities 22 - 23 - Unauthenticated Arbitrary Options Update to Blog Compromise

Description

The plugin does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog