CVE-2021-24190

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c	Exploit Patch Third Party Advisory
https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-buy:conditional_marketing_mailer:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-05-14 12:15

Updated : 2024-11-21 05:52

NVD link : CVE-2021-24190

Mitre link : CVE-2021-24190

CVE.ORG link : CVE-2021-24190

JSON object : View

Products Affected

wp-buy

conditional_marketing_mailer

CWE

CWE-285

Improper Authorization

NVD-CWE-Other

{"id": "CVE-2021-24190", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-05-14T12:15:07.950", "references": [{"url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."}, {"lang": "es", "value": "Unos usuarios poco privilegiados pueden usar la acci\u00f3n AJAX \"cp_plugins_do_button_job_later_callback\" en el plugin de WordPress WooCommerce Conditional Marketing Mailer, versiones anteriores a 1.5.2, para instalar cualquier plugin (incluyendo una versi\u00f3n espec\u00edfica) del repositorio de WordPress, as\u00ed como desencadenar un plugin arbitrario desde el blog, que ayuda a los atacantes a instalar plugins vulnerables y podr\u00eda conllevar a vulnerabilidades m\u00e1s cr\u00edticas como una RCE"}], "lastModified": "2024-11-21T05:52:33.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wp-buy:conditional_marketing_mailer:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DBB45BBC-6169-41DF-B812-BD00419B768D", "versionEndExcluding": "1.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}