CVE-2021-25084

EUVD-2021-11996
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
bracketspaceadvanced_cron_manager
𝑥
< 2.4.2
bracketspaceadvanced_cron_manager
𝑥
< 2.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/7c5c602f-499f-431b-80bc-507053984a06
https://wpscan.com/vulnerability/7c5c602f-499f-431b-80bc-507053984a06