Unrated severity · NVD Advisory · Published May 14, 2021 · Updated Aug 3, 2024
WP Maintenance Mode & Site Under Construction < 1.8.2 - Arbitrary Plugin Installation/Activation via Low Privilege User
CVE-2021-24191
Description
Low-privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2 to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugins from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
Affected products
- Range: <1.8.2
- wp-buy/WP Maintenance Mode & Site Under Construction · v5 · Range: 1.8.2
References
- wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c (mitre, x_refsource_CONFIRM)