WordfenceCVELIST:CVE-2021-39333CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.0%
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
CNA Affected
[
{
"platforms": [
"WordPress"
],
"product": "Hashthemes Demo Importer",
"vendor": "Hashthemes",
"versions": [
{
"lessThanOrEqual": "1.1.1",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
]Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.0%