nvd-json-data-feeds/CVE-2021/CVE-2021-423xx/CVE-2021-42359.json

{
  "id": "CVE-2021-42359",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2021-11-05T21:15:09.393",
  "lastModified": "2022-07-25T10:56:08.877",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, \u2018admin-dismiss-unsubscribe\u2018, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the \u201caction\u201d parameter set to \u201cadmin-dismiss-unsubscribe\u201d and the \u201cid\u201d parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question."
    },
    {
      "lang": "es",
      "value": "WP DSGVO Tools (GDPR) versiones anteriores a 3.1.23 incluy\u00e9ndola, ten\u00eda una acci\u00f3n AJAX, \"admin-dismiss-unsubscribe\", que carec\u00eda de una comprobaci\u00f3n de capacidad y de una comprobaci\u00f3n de nonce y estaba disponible para usuarios no autenticados, y no comprobaba el tipo de entrada cuando eliminaba las peticiones unsubscription. De este modo, un atacante pod\u00eda eliminar permanentemente una entrada o p\u00e1gina arbitraria del sitio enviando una petici\u00f3n AJAX con el par\u00e1metro \"action\" establecido como \"admin-dismiss-unsubscribe\" y el par\u00e1metro \"id\" establecido como la entrada que se iba a eliminar. El env\u00edo de dicha petici\u00f3n mover\u00eda el post a la papelera, y la repetici\u00f3n de la petici\u00f3n eliminar\u00eda permanentemente el post en cuesti\u00f3n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      },
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    },
    {
      "source": "security@wordfence.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:legalweb:wp_dsgvo_tools:*:*:*:*:*:wordpress:*:*",
              "versionEndIncluding": "3.1.23",
              "matchCriteriaId": "F706DD52-8101-4A88-86BB-669622EE702F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.wordfence.com/blog/2021/11/vulnerability-in-wp-dsgvo-tools-gdpr-plugin-allows-unauthenticated-page-deletion/",
      "source": "security@wordfence.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}