Vulnerabilities > CVE-2021-24633 - Missing Authorization vulnerability in Wpdeveloper Countdown Block

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

wpdeveloper

CWE-862

NVD

Published: 2021-09-27

Updated: 2021-11-05

Summary

The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.

Vulnerable Configurations

Part	Description	Count
Application	Wpdeveloper Wpdeveloper Countdown Block - Wpdeveloper Countdown Block 1.0.0 Wpdeveloper Countdown Block 1.0.1 Wpdeveloper Countdown Block 1.0.2 Wpdeveloper Countdown Block 1.0.3 Wpdeveloper Countdown Block 1.0.4 Wpdeveloper Countdown Block 1.1.0 Wpdeveloper Countdown Block 1.1.1	8

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/431901eb-0f95-4033-b943-324e6d3844a5