What is CVE-2021-4374?

CVE-2021-4374 is a critical-severity vulnerability in Valvepress Wordpress Automatic Plugin, classified under Missing Authorization. CVSS score: 9.1/10. Published 2023-06-07.

How severe is CVE-2021-4374?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2021-4374 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Valvepress Wordpress Automatic Plugin

CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possib…

Vulnerability class: Broken Access Control

EPSS: 0.750 (98.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Valvepress Wordpress Automatic Plugin — versions 0

Weakness classification (CWE)

CWE-862 — Missing Authorization

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2021-4374?: CVE-2021-4374 is a critical-severity vulnerability in Valvepress Wordpress Automatic Plugin, classified under Missing Authorization. CVSS score: 9.1/10. Published 2023-06-07.
How severe is CVE-2021-4374?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2021-4374 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.