CVE-2021-24906
Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request
The Protect WP Admin plugin for WordPress, in versions prior to 3.6.2, does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) by means of a crafted request
The Protect WP Admin WordPress plugin before 3.7 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-12-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
- CWE-863: Incorrect Authorization
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/4204682b-f657-42e1-941c-bee7a245e9fd | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wp-experts | Protect Wp Admin | < 3.6.2 | wordpress | Affected |