CVE-2021-24752 Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change

🗓️ 18 Oct 2021 13:46:10Reported by WPScanType

Unauthorised changes to multiple CatchThemes plugin

Reporter	Title	Published	Views	Family All 28
Circl	CVE-2021-24752	18 Oct 202118:31	–	circl
CNNVD	WordPress 插件跨站请求伪造漏洞	18 Oct 202100:00	–	cnnvd
CVE	CVE-2021-24752	18 Oct 202113:46	–	cve
EUVD	EUVD-2021-11664	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24752	18 Oct 202114:15	–	nvd
OSV	CVE-2021-24752	18 Oct 202114:15	–	osv
Patchstack	WordPress Catch Breadcrumb plugin <= 1.6 - Unauthorized Plugin Setting Change vulnerability	20 Sep 202100:00	–	patchstack
Patchstack	WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability	20 Sep 202100:00	–	patchstack
Patchstack	WordPress Catch Scroll Progress Bar plugin <= 1.5 - Unauthorized Plugin Setting Change vulnerability	20 Sep 202100:00	–	patchstack
Patchstack	WordPress Essential Content Types plugin <= 1.8.6 - Unauthorized Plugin Setting Change vulnerability	20 Sep 202100:00	–	patchstack

[
  {
    "product": "Essential Widgets",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.9",
        "status": "affected",
        "version": "1.9",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "To Top",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "2.3",
        "status": "affected",
        "version": "2.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Header Enhancement",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.5",
        "status": "affected",
        "version": "1.5",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Generate Child Theme",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.6",
        "status": "affected",
        "version": "1.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Essential Content Types",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.9",
        "status": "affected",
        "version": "1.9",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Web Tools",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "2.7",
        "status": "affected",
        "version": "2.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Under Construction",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.4",
        "status": "affected",
        "version": "1.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Themes Demo Import",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.6",
        "status": "affected",
        "version": "1.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Sticky Menu",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.7",
        "status": "affected",
        "version": "1.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Scroll Progress Bar",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.6",
        "status": "affected",
        "version": "1.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Social Gallery and Widget",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "2.3",
        "status": "affected",
        "version": "2.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Infinite Scroll",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.9",
        "status": "affected",
        "version": "1.9",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Import Export",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.9",
        "status": "affected",
        "version": "1.9",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Gallery",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.7",
        "status": "affected",
        "version": "1.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Duplicate Switcher",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.6",
        "status": "affected",
        "version": "1.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch Breadcrumb",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "1.7",
        "status": "affected",
        "version": "1.7",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Catch IDs",
    "vendor": "CatchThemes",
    "versions": [
      {
        "lessThan": "2.4",
        "status": "affected",
        "version": "2.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/181a729e-fffe-457c-9e8d-a4343fd2e630

18 Oct 2021 13:46Current

5.8Medium risk

Vulners AI Score5.8

EPSS0.00172

CWE-284