1. Home
  2. CVE Database
  3. CVE-2021-24188
HIGH · 8.8

CVE-2021-24188

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (includin...

Vulnerability Description

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Wp-BuyWp Content Copy Protection \& No Right Click< 3.1.5

Related Weaknesses (CWE)

CWE-285

References

FAQ

What is CVE-2021-24188?

CVE-2021-24188 is a vulnerability with a CVSS score of 8.8 (HIGH). Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (includin...

How severe is CVE-2021-24188?

CVE-2021-24188 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24188?

Check the references section above for vendor advisories and patch information. Affected products include: Wp-Buy Wp Content Copy Protection \& No Right Click.