CVE-2021-24803

The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://wpscan.com/vulnerability/97adac02-4163-48d4-ba14-0b1badfd3d42	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:core_tweaks_wp_setup_project:core_tweaks_wp_setup:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-02-28 09:15

Updated : 2024-02-28 19:09

NVD link : CVE-2021-24803

Mitre link : CVE-2021-24803

CVE.ORG link : CVE-2021-24803

JSON object : View

Products Affected

core_tweaks_wp_setup_project

core_tweaks_wp_setup

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2021-24803", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-02-28T09:15:07.620", "references": [{"url": "https://wpscan.com/vulnerability/97adac02-4163-48d4-ba14-0b1badfd3d42", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks"}, {"lang": "es", "value": "El plugin Core Tweaks WP Setup de WordPress versiones hasta 4.1, permite la configuraci\u00f3n masiva de muchos ajustes en WordPress, incluyendo el correo electr\u00f3nico del administrador, as\u00ed como la creaci\u00f3n de una nueva cuenta de administrador. No se presenta protecci\u00f3n de tipo CSRF, permitiendo a un atacante cambiar arbitrariamente el correo electr\u00f3nico del administrador o crear otra cuenta de administrador y tomar el control del sitio web por medio de ataques de tipo CSRF."}], "lastModified": "2022-03-07T18:11:40.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:core_tweaks_wp_setup_project:core_tweaks_wp_setup:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0B8E693F-2306-4448-A14E-65A6B2E9409B", "versionEndIncluding": "4.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}