Vulnerabilities > CVE-2021-24916 - Unspecified vulnerability in Themeum Qubely

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

themeum

NVD

Published: 2023-08-07

Updated: 2023-11-07

Summary

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

Vulnerable Configurations

Part	Description	Count
Application	Themeum Themeum Qubely - Themeum Qubely 1.2.8 Themeum Qubely 1.2.9 Themeum Qubely 1.3.0 Themeum Qubely 1.3.1 Themeum Qubely 1.3.2 Themeum Qubely 1.3.3 Themeum Qubely 1.3.4 Themeum Qubely 1.3.5 Themeum Qubely 1.3.6 Themeum Qubely 1.3.7 Themeum Qubely 1.3.8 Themeum Qubely 1.3.9 Themeum Qubely 1.3.91 Themeum Qubely 1.4.0 Themeum Qubely 1.4.1 Themeum Qubely 1.5.0 Themeum Qubely 1.5.1 Themeum Qubely 1.5.2 Themeum Qubely 1.5.3 Themeum Qubely 1.5.4 Themeum Qubely 1.5.5 Themeum Qubely 1.6.0 Themeum Qubely 1.6.1 Themeum Qubely 1.6.2 Themeum Qubely 1.6.3 Themeum Qubely 1.6.4 Themeum Qubely 1.6.5 Themeum Qubely 1.6.6 Themeum Qubely 1.6.7 Themeum Qubely 1.6.8 Themeum Qubely 1.6.9 Themeum Qubely 1.7.0 Themeum Qubely 1.7.1 Themeum Qubely 1.7.2 Themeum Qubely 1.7.3 Themeum Qubely 1.7.4 Themeum Qubely 1.7.5 Themeum Qubely 1.7.6 Themeum Qubely 1.7.7 Themeum Qubely 1.7.8 Themeum Qubely 1.7.9 Themeum Qubely 1.8.0 Themeum Qubely 1.8.1 Themeum Qubely 1.8.2 Themeum Qubely 1.8.3 Themeum Qubely 1.8.4 Themeum Qubely 1.8.5	48

References

https://wpscan.com/vulnerability/93b893be-59ad-4500-8edb-9fa7a45304d5