CVE-2021-24853

The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://wpscan.com/vulnerability/240bed24-0315-4bbf-ba17-e4947e5ecacb	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qr_redirector_project:qr_redirector:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-11-17 11:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-24853

Mitre link : CVE-2021-24853

CVE.ORG link : CVE-2021-24853

JSON object : View

Products Affected

qr_redirector_project

qr_redirector

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-284

Improper Access Control

{"id": "CVE-2021-24853", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-11-17T11:15:08.493", "references": [{"url": "https://wpscan.com/vulnerability/240bed24-0315-4bbf-ba17-e4947e5ecacb", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects"}, {"lang": "es", "value": "El plugin QR Redirector de WordPress versiones anteriores a 1.6, no presenta capacidad y comprobaciones de tipo CSRF cuando se guardan los ajustes del QR Redirector a gran escala por medio de la acci\u00f3n qr_save_bulk AJAX, que podr\u00eda permitir a cualquier usuario autenticado, como el suscriptor, cambiar el c\u00f3digo de estado de la respuesta de redirecci\u00f3n de QR Redirects arbitrarios"}], "lastModified": "2021-11-19T17:24:17.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qr_redirector_project:qr_redirector:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E8F2C963-7DE1-4A6B-95D8-6CDF2A4589C4", "versionEndExcluding": "1.6"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}