Vulnerability CVE-2021-36917


Published: 2021-11-24

Description:
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.

Type:

CWE-668

(Exposure of Resource to Wrong Sphere)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Wpwave -> Hide my wp 

 References:
https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability
https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158
https://patchstack.com/hide-my-wp-vulnerabilities-fixed/

Copyright 2021, cxsecurity.com

 

Back to Top