SSRF in Qantumthemes Onair2

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users; sending requests to this proxy functionality will have the web server fetch and display t…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.898 (99.6th percentile)

Frequently asked questions

What is CVE-2021-24472?
CVE-2021-24472 is a vulnerability in Qantumthemes Onair2, classified under Server-Side Request Forgery (SSRF). Published 2021-08-02.

Is CVE-2021-24472 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.