Vulnerability Description
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection.
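The following is an added illustration of the handler pattern the description refers to, not the Chameleon CSS plugin's own code. Only the action name remove_css and the css_id POST parameter come from the advisory; the table name, the capability, the nonce action name and the handler bodies are assumptions. It shows the three defects named above (no nonce check, no capability check, unparameterised SQL) beside a hardened handler that uses the standard WordPress APIs for each.

```php
<?php
// Added example, not the plugin's code. remove_css and css_id are from the
// advisory; the table name, capability and nonce action are assumptions.

// Vulnerable pattern as described in the advisory: no nonce (CSRF) check,
// no capability check, and css_id interpolated straight into SQL. Shown for
// contrast only; it is deliberately NOT hooked to an action below.
function vulnerable_remove_css() {
    global $wpdb;
    $css_id = $_POST['css_id']; // untrusted, unvalidated
    $wpdb->query( "DELETE FROM {$wpdb->prefix}chameleon_css WHERE id = $css_id" );
    wp_die();
}

// Hardened handler: verify the nonce, require a capability, and pass the id
// through a prepared statement so it can only ever be an integer.
function hardened_remove_css() {
    global $wpdb;

    // CSRF: the request must carry a nonce created with
    // wp_create_nonce( 'chameleon_remove_css' ) (assumed action name) in the
    // 'nonce' field; check_ajax_referer() dies with -1 if it is missing or invalid.
    check_ajax_referer( 'chameleon_remove_css', 'nonce' );

    // Authorisation: subscribers must not reach this action. 'manage_options'
    // (administrators) is the assumed capability for a CSS-management action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Input validation: css_id must be a positive integer or the request is rejected.
    $css_id = isset( $_POST['css_id'] ) ? absint( $_POST['css_id'] ) : 0;
    if ( 0 === $css_id ) {
        wp_send_json_error( 'invalid css_id', 400 );
    }

    // SQL: parameterised via $wpdb->prepare(); %d forces an integer placeholder.
    $deleted = $wpdb->query( $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}chameleon_css WHERE id = %d",
        $css_id
    ) );

    if ( false === $deleted ) {
        wp_send_json_error( 'database error', 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}

// Only the hardened handler is registered. Because there is no
// wp_ajax_nopriv_ hook, unauthenticated requests never reach it at all.
add_action( 'wp_ajax_remove_css', 'hardened_remove_css' );
```

The client side has to send the nonce along with css_id (typically by exposing `wp_create_nonce( 'chameleon_remove_css' )` to the script with wp_localize_script and posting it as the `nonce` field). When reviewing a plugin for this class of bug, look at every `wp_ajax_*` callback for exactly these three things: a `check_ajax_referer`/`wp_verify_nonce` call, a `current_user_can` check, and `$wpdb->prepare` (or an equivalent) around any query that includes request data.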
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chameleon Css Project | Chameleon Css | <= 1.2 |
Related Weaknesses (CWE)
References
- https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/ (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24626?
CVE-2021-24626 is a vulnerability with a CVSS score of 8.8 (HIGH). The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthor...
How severe is CVE-2021-24626?
CVE-2021-24626 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24626?
Check the references section above for vendor advisories and patch information. Affected products include: Chameleon Css Project Chameleon Css.