Controlled Admin Access < 1.5.2 - Improper Access Control & Privilege Escalation
CVE-2021-24215

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Controlled Admin Access
Vendor: CVE Published:; 12 April 2021

What is CVE-2021-24215?

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

Affected Version(s)

Controlled Admin Access 1.5.2

References

https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-...

x_refsource_CONFIRM

https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPre...

x_refsource_MISC

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

m0ze

Wordpress

What is CVE-2021-24215?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit