CVE-2021-24537
Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.
El plugin Similar Posts de WordPress versiones hasta 3.1.5 permite a usuarios muy privilegiados ejecutar código PHP arbitrario en un entorno reforzado (es decir, con DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS y DISALLOW_UNFILTERED_HTML configurados como verdaderos) por medio de la configuración del widget "widget_rrm_similar_posts_condition" del plugin
*Credits:
bl4derunner
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-14 CVE Reserved
- 2021-10-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/0d6b46cb-5244-486f-ad70-4023907ac9eb | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Shareaholic Search vendor "Shareaholic" | Similar Posts Search vendor "Shareaholic" for product "Similar Posts" | <= 3.1.5 Search vendor "Shareaholic" for product "Similar Posts" and version " <= 3.1.5" | wordpress |
Affected
| ||||||