CVE-2021-39333

The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.

CVSS v3 8.1 HIGH
CVSS v2.0 5.5 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.wordfence.com/blog/2021/10/site-deletion-vulnerability-in-hashthemes-plugin/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hashthemes:hashthemes_demo_importer:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-11-01 21:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-39333

Mitre link : CVE-2021-39333

CVE.ORG link : CVE-2021-39333

JSON object : View

Products Affected

hashthemes

hashthemes_demo_importer

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2021-39333", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-11-01T21:15:07.747", "references": [{"url": "https://www.wordfence.com/blog/2021/10/site-deletion-vulnerability-in-hashthemes-plugin/", "tags": ["Exploit", "Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads."}, {"lang": "es", "value": "El plugin Hashthemes Demo Importer para WordPress versiones anteriores a 1.1.1 incluy\u00e9ndola, conten\u00eda varias funciones AJAX que depend\u00edan de un nonce que era visible para todos los usuarios conectados para el control de acceso, permiti\u00e9ndoles ejecutar una funci\u00f3n que truncaba casi todas las tablas de la base de datos y eliminaba el contenido de wp-content/uploads"}], "lastModified": "2022-08-05T11:03:48.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashthemes:hashthemes_demo_importer:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C7597492-E643-48A8-9A49-96984B4E89E2", "versionEndIncluding": "1.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}