https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-25032.yaml

标题： WordPress plugin PublishPress Capabilities 安全漏洞 (CVE-2021-25032)
描述：WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress 插件 PublishPress Capabilities 存在安全漏洞，未经身份验证的攻击者可以更新任意博客选项，例如默认角色，并使任何新注册用户成为管理员角色。

The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator.

 id: CVE-2021-25032

info:
  name: PublishPress Capabilities < 2.3.1 - Missing Authorization
  author

...