← back
CVE-2021-4374

WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update

CVSS 9.1 CRITICALEPSS 16.4%CWE-862
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
ValvePress · WordPress Automatic Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/https://www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=cve