Critical severity9.1NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2021-4374

Description

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site.

Affected products

Valvepress/Wordpress Automatic Plugin
cpe:2.3:a:valvepress:wordpress_automatic_plugin:*:*:*:*:*:wordpress:*:*
Range: <=3.53.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/nvdExploit
www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.060
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000