Arbitrary Options Updates in WordPress Automatic Plugin by WordPress
CVE-2021-4374
9.1CRITICAL
What is CVE-2021-4374?
The WordPress Automatic Plugin, specifically in versions up to 3.53.2, contains a vulnerability that allows unauthenticated attackers to perform arbitrary updates to options due to insufficient authorization checks and lack of option validation in the process_form.php file. This significant flaw enables attackers to alter critical settings of compromised sites, posing a grave risk of complete site takeover without needing authentication.
Affected Version(s)
WordPress Automatic Plugin * < 3.53.3