The PublishPress Capabilities and Capabilities Pro WordPress plugins before 2.3.1 lack authorization and CSRF checks, allowing unauthenticated attackers to update arbitrary blog options and assign an administrator role to new users.
Title | Published | Views | Family |
---|---|---|---|
CVE-2021-25032 PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise | 10 Jan 2022 00:00 | – | cvelist |
WordPress PublishPress Capabilities plugin <= 2.3 - Unauthenticated Settings Change vulnerability | 6 Dec 2021 00:00 | – | patchstack |
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise | 8 Dec 2021 00:00 | – | wpvulndb |
CVE-2021-25032 | 10 Jan 2022 16:15 | – | cve |
Exploit for Cross-Site Request Forgery (CSRF) in Publishpress Capabilities | 9 Aug 2023 10:41 | – | githubexploit |
WordPress PublishPress Capabilities Plugin < 2.3.1 Arbitrary Options Update Vulnerability | 18 Jan 2022 00:00 | – | openvas |
PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise | 8 Dec 2021 00:00 | – | wpexploit |
CVE-2021-25032 | 10 Jan 2022 16:15 | – | nvd |
Cross site request forgery (csrf) | 10 Jan 2022 16:15 | – | prion |