CVE-2021-24804
HIGH 8.8
Description
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as the HMAC verification secret, account registration and default user roles can be updated, which could result in site takeover.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 11/17/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
simple_jwt_login_project:simple_jwt_login
Weaknesses (CWE)
CWE-352
References
https://wpscan.com/vulnerability/6f015e8e-462b-4ef7-a9a1-bb91e7d28e37 (contact@wpscan.com)
https://wpscan.com/vulnerability/6f015e8e-462b-4ef7-a9a1-bb91e7d28e37 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.