Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-24215 PoC — WordPress plugin Controlled Admin Access访问控制错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-24215.yaml
Associated Vulnerability
Title:WordPress plugin Controlled Admin Access访问控制错误漏洞 (CVE-2021-24215)
Description:WordPress 插件是WordPress开源的一个应用插件。 WordPress 插件 Controlled Admin Access 1.5.2版本之前存在安全漏洞,该漏洞源于网站自定义功能和全局CMS设置(如/wp-admin/customization.php和/wp-admin/options.php)的不受控制的访问可能导致目标资源的完全破坏。
Description
An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.
File Snapshot

 id: CVE-2021-24215

info:
  name: Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Acces

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.