3 matches found
CVE-2021-24191
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blo...
CVE-2021-24191
The CVE-2021-24191 entry concerns the WordPress WP Maintenance Mode & Site Under Construction plugin (versions before 1.8.2). A low-privilege user can abuse the AJAX action cp_plugins_do_button_job_later_callback to install any plugin (including a specific version) from the WordPress repository a...
CVE-2021-24191 WP Maintenance Mode & Site Under Construction < 1.8.2 - Arbitrary Plugin Installation/Activation via Low Privilege User
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blo...