CVE-2021-25032

CRITICAL EXPLOITED NUCLEI

PublishPress Capabilities <2.3.1 - CSRF

Title source: llm

Description

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.

Exploits (1)

nomisec WORKING POC

by RandomRobbieBF · client-side

https://github.com/RandomRobbieBF/CVE-2021-25032

View Code ZIP pw:eip

Nuclei Templates (1)

PublishPress Capabilities < 2.3.1 - Missing Authorization

CRITICALVERIFIEDby ritikchaddha

FOFA: body="/wp-content/plugins/capability-manager-enhanced"

References (2)

[Patch, Third Party Advisory] https://plugins.trac.wordpress.org/changeset/2640161

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/2f0f1a32-0c7a-48e6-8617-e0b2dcf62727

Scores

CVSS v3 9.8

EPSS 0.8189

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2021-12-06

Classification

CWE

CWE-862 CWE-352

Status published

Affected Products (2)

publishpress/capabilities < 2.3.1

Timeline

Published Jan 10, 2022

Tracked Since Feb 18, 2026