CVE-2021-24978 - OpenCVE

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
B4after	Osmapper

Configuration 1 [-]

cpe:2.3:a:b4after:osmapper:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/f0f2af29-e21e-4d16-9424-1a49bff7fb86	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-03-28T17:21:15

Updated: 2022-03-28T17:21:14

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24978

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-28T18:15:08.423

Modified: 2022-10-25T16:42:29.503

Link: CVE-2021-24978

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "OSMapper", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "2.1.5", "status": "affected", "version": "2.1.5", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "dc11"}], "descriptions": [{"lang": "en", "value": "The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-28T17:21:14", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/f0f2af29-e21e-4d16-9424-1a49bff7fb86"}], "source": {"discovery": "EXTERNAL"}, "title": "OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24978", "STATE": "PUBLIC", "TITLE": "OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OSMapper", "version": {"version_data": [{"version_affected": "<=", "version_name": "2.1.5", "version_value": "2.1.5"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "dc11"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/f0f2af29-e21e-4d16-9424-1a49bff7fb86", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/f0f2af29-e21e-4d16-9424-1a49bff7fb86"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24978", "datePublished": "2022-03-28T17:21:15", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2022-03-28T17:21:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:b4after:osmapper:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "11CE3CCD-1B48-485A-BCBB-2B64B28F9D63", "versionEndIncluding": "2.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog"}, {"lang": "es", "value": "El plugin OSMapper de WordPress versiones hasta 2.1.5, contiene una acci\u00f3n AJAX para eliminar un tipo de post relacionado con el plugin llamado \"map\" y est\u00e1 registrado con el prefijo wp_ajax_nopriv, haciendo que est\u00e9 disponible para usuarios no autenticados. No se presenta autorizaci\u00f3n, ni CSRF, ni comprobaciones para asegurar que el post a eliminar es un mapa. Como resultado, un usuario no autenticado puede eliminar entradas arbitrarias del blog"}], "id": "CVE-2021-24978", "lastModified": "2022-10-25T16:42:29.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-28T18:15:08.423", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/f0f2af29-e21e-4d16-9424-1a49bff7fb86"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Secondary"}]}