Descrição
Low privileged users can use the AJAX action ‘cp_plugins_do_button_job_later_callback’ in the Login Protection – Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24194
Tags
Nâo informado
Data de publicação
14/05/2021
Última atualização
24/02/2022
Pontuação em CVSS 3.0
8.8
Alto