Skip to content
Nuclei Templates

Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation

ID: CVE-2021-24215

Severity: critical

Author: r3Y3r53

Tags: cve2021,cve,authenticated,wpscan,wordpress,wp-plugin,wp,controlled-admin-access,wpruby

Description

Section titled “Description”

An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.

YAML Source

Section titled “YAML Source”
id: CVE-2021-24215


info:
  name: Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
  author: r3Y3r53
  severity: critical
  description: |
    An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.
  remediation: Fixed in version 1.5.2
  reference:
    - https://wpscan.com/vulnerability/eec0f29f-a985-4285-8eed-d1855d204a20
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24215
    - https://www.opencve.io/cve/CVE-2021-24215
    - https://m0ze.ru/vulnerability/[2021-03-18]-[WordPress]-[CWE-284]-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt
    - https://m0ze.ru/vulnerability/%5B2021-03-18%5D-%5BWordPress%5D-%5BCWE-284%5D-Controlled-Admin-Access-WordPress-Plugin-v1.4.0.txt
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24215
    cwe-id: CWE-425,CWE-284
    epss-score: 0.30288
    epss-percentile: 0.96943
    cpe: cpe:2.3:a:wpruby:controlled_admin_access:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wpruby
    product: controlled_admin_access
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/controlled-admin-access/
    fofa-query: body=/wp-content/plugins/controlled-admin-access/
    publicwww-query: /wp-content/plugins/controlled-admin-access/
  tags: cve2021,cve,authenticated,wpscan,wordpress,wp-plugin,wp,controlled-admin-access,wpruby


http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/options.php HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "This page allows direct access to your site settings") && contains(body_2, "Controlled Admin Access")'
        condition: and
# digest: 4b0a00483046022100c72393ceded0da4c3885e0653217b47a15cb50a5436a259f9ddeaef9d452f601022100da52958bcf0b902158a448515002eb6e6bdd94fc936e1414d1ff685d9688eabf:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24215.yaml"

View on Github