There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62 | Third Party Advisory |
https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-05-17T16:48:52
Updated: 2021-05-17T16:48:52
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24289
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-17T17:15:08.120
Modified: 2021-05-24T18:28:55.987
Link: CVE-2021-24289
JSON object: View
Redhat Information
No data.
CWE