Back to CVE List

CVE-2021-47932

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action with tcp_role set to administrator to gain full administrative access without authentication.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
thecartpress
Product
TheCartPress

External References

Discussion (0)

Add Comment

No comments yet. Be the first!