CVE-2021-25084 Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion

🗓️ 07 Feb 2022 15:47:18Reported by WPScanType

Advanced Cron Manager plugin vulnerability allowing unauthorized users to create or delete events and schedule

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-25084	7 Feb 202218:34	–	circl
CNNVD	WordPress plugin 访问控制错误漏洞	7 Feb 202200:00	–	cnnvd
CNVD	WordPress Plugin Authorization Issue Vulnerability	7 Mar 202200:00	–	cnvd
CVE	CVE-2021-25084	7 Feb 202215:47	–	cve
EUVD	EUVD-2021-11996	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25084	7 Feb 202216:15	–	nvd
Patchstack	WordPress Advanced Cron Manager Pro premium plugin <= 2.5.2 - Arbitrary Events/Schedules Creation/Deletion vulnerability	4 Jan 202200:00	–	patchstack
Patchstack	WordPress Advanced Cron Manager – debug & control plugin <= 2.4.1 - Arbitrary Events/Schedules Creation/Deletion vulnerability	4 Jan 202200:00	–	patchstack
Prion	Code injection	7 Feb 202216:15	–	prion
RedhatCVE	CVE-2021-25084	22 May 202519:24	–	redhatcve

[
  {
    "product": "Advanced Cron Manager",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.4.2",
        "status": "affected",
        "version": "2.4.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Advanced Cron Manager Pro",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.5.3",
        "status": "affected",
        "version": "2.5.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/7c5c602f-499f-431b-80bc-507053984a06

15 Feb 2022 08:05Current

5Medium risk

Vulners AI Score5

EPSS0.00639

CWE-862