Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for captchinoo by wp-buy

    CVE-2021-24189 (GCVE-0-2021-24189)

    Vulnerability from nvd – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:21
    VLAI
    Title
    Captchinoo, Google recaptcha for admin login page < 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User
    Summary
    Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Credits
    Bugbang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:18.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Captchinoo, Google recaptcha for admin login page",
              "vendor": "wp-buy",
              "versions": [
                {
                  "lessThan": "2.4",
                  "status": "affected",
                  "version": "2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bugbang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-14T11:38:16.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Captchinoo, Google recaptcha for admin login page \u003c 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24189",
              "STATE": "PUBLIC",
              "TITLE": "Captchinoo, Google recaptcha for admin login page \u003c 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Captchinoo, Google recaptcha for admin login page",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.4",
                                "version_value": "2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "wp-buy"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bugbang"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24189",
        "datePublished": "2021-05-14T11:38:16.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:18.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24189 (GCVE-0-2021-24189)

    Vulnerability from cvelistv5 – Published: 2021-05-14 11:38 – Updated: 2024-08-03 19:21
    VLAI
    Title
    Captchinoo, Google recaptcha for admin login page < 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User
    Summary
    Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Credits
    Bugbang
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:18.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Captchinoo, Google recaptcha for admin login page",
              "vendor": "wp-buy",
              "versions": [
                {
                  "lessThan": "2.4",
                  "status": "affected",
                  "version": "2.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bugbang"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-14T11:38:16.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Captchinoo, Google recaptcha for admin login page \u003c 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24189",
              "STATE": "PUBLIC",
              "TITLE": "Captchinoo, Google recaptcha for admin login page \u003c 2.4 - Arbitrary Plugin Installation/Activation via Low Privilege User"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Captchinoo, Google recaptcha for admin login page",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.4",
                                "version_value": "2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "wp-buy"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Bugbang"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Low privileged users can use the AJAX action \u0027cp_plugins_do_button_job_later_callback\u0027 in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285 Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/74889e29-5349-43d1-baf5-1622493be90c"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24189",
        "datePublished": "2021-05-14T11:38:16.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:18.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }