Vulnerability Details CVE-2021-24279
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://wpscan.com/vulnerability/75f7690d-7f6b-48a8-a9d1-95578a657920
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
- https://wpscan.com/vulnerability/75f7690d-7f6b-48a8-a9d1-95578a657920
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
Products affected by CVE-2021-24279
-
cpe:2.3:a:querysol:redirection_for_contact_form_7:*