Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.8 views

CVE-2021-24192

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...

8.8CVSS7AI score0.01325EPSS
Exploits2References1
OSV
OSV
added 2021/05/14 12:15 p.m.6 views

CVE-2021-24192

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...

8.8CVSS7.4AI score0.01325EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/05/14 11:38 a.m.30 views

CVE-2021-24192 Tree Sitemap < 2.9 - Arbitrary Plugin Installation/Activation via Low Privilege User

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install...

8.8AI score0.01325EPSS
Exploits2References1
CVE
CVE
added 2021/05/14 11:38 a.m.49 views

CVE-2021-24192

The CVE-2021-24192 entry concerns the Tree Sitemap WordPress plugin (pre-2.9). Low-privilege users can abuse the AJAX action cp_plugins_do_button_job_later_callback to install arbitrary plugins and activate them via admin-ajax.php, enabling deployment of vulnerable plugins and potential RCE. Publ...

8.8CVSS8.8AI score0.01325EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder