CVE-2021-24195

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wp-buy:login_as_user_or_customer_\(user_switching\):*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-05-14 12:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-24195

Mitre link : CVE-2021-24195

CVE.ORG link : CVE-2021-24195

JSON object : View

Products Affected

wp-buy

login_as_user_or_customer_\(user_switching\)

CWE

NVD-CWE-Other CWE-285

Improper Authorization

{"id": "CVE-2021-24195", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-05-14T12:15:08.123", "references": [{"url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."}, {"lang": "es", "value": "Unos usuarios poco privilegiados pueden usar la acci\u00f3n AJAX \"cp_plugins_do_button_job_later_callback\" en el plugin de WordPress Login as User or Customer (User Switching), versiones anteriores a 1.8, para instalar cualquier plugin (incluyendo una versi\u00f3n espec\u00edfica) del repositorio de WordPress, as\u00ed como desencadenar un plugin arbitrario desde el blog, que ayuda a los atacantes a instalar plugins vulnerables y podr\u00eda conllevar a vulnerabilidades m\u00e1s cr\u00edticas como una RCE"}], "lastModified": "2022-07-30T12:33:24.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wp-buy:login_as_user_or_customer_\\(user_switching\\):*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "439E571B-9589-4F89-918D-67484A007370", "versionEndExcluding": "1.8"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}