CVE-2021-36917 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Patchstack	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Vendor	Product	Version
wpwave	hide_my_wp	𝑥 ≤ 6.2.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158

https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability

https://patchstack.com/hide-my-wp-vulnerabilities-fixed/

https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158

https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability

https://patchstack.com/hide-my-wp-vulnerabilities-fixed/