Vulnerability Description
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpruby | Controlled Admin Access | < 1.5.2 |
Related Weaknesses (CWE)
References
- https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPress%5D-%5BCWE-284%5D-Con
- https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20ExploitThird Party Advisory
- https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPress%5D-%5BCWE-284%5D-Con
- https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20ExploitThird Party Advisory
FAQ
What is CVE-2021-24215?
CVE-2021-24215 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS sett...
How severe is CVE-2021-24215?
CVE-2021-24215 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24215?
Check the references section above for vendor advisories and patch information. Affected products include: Wpruby Controlled Admin Access.