4 matches found
CVE-2021-24192
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...
CVE-2021-24192
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...
CVE-2021-24192 Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...
CVE-2021-24192
The CVE-2021-24192 entry concerns the Tree Sitemap WordPress plugin (pre-2.9). Low-privilege users can abuse the AJAX action cp_plugins_do_button_job_later_callback to install arbitrary plugins and activate them via admin-ajax.php, enabling deployment of vulnerable plugins and potential RCE. Publ...