CVE-2021-24639 - OpenCVE

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ffw	Omgf

Configuration 1 [-]

cpe:2.3:a:ffw:omgf:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-09-20T10:06:45

Updated: 2024-08-03T19:35:20.417Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24639

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-20T10:15:09.520

Modified: 2022-12-20T22:10:18.437

Link: CVE-2021-24639

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "OMGF | Host Google Fonts Locally", "vendor": "Unknown", "versions": [{"lessThan": "4.5.4", "status": "affected", "version": "4.5.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "apple502j"}], "descriptions": [{"lang": "en", "value": "The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-20T10:06:45", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b"}], "source": {"discovery": "UNKNOWN"}, "title": "OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24639", "STATE": "PUBLIC", "TITLE": "OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OMGF | Host Google Fonts Locally", "version": {"version_data": [{"version_affected": "<", "version_name": "4.5.4", "version_value": "4.5.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "apple502j"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}, {"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.417Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24639", "datePublished": "2021-09-20T10:06:45", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.417Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ffw:omgf:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B487629C-4F55-4973-B63F-4130C3C80492", "versionEndExcluding": "4.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server."}, {"lang": "es", "value": "El plugin OMGF de WordPress versiones anteriores a 4.5.4, no aplica una comprobaci\u00f3n de la ruta, una autorizaci\u00f3n y el CSRF en la acci\u00f3n AJAX omgf_ajax_empty_dir, que permite a cualquier usuario autenticado eliminar archivos o carpetas arbitrarios en el servidor"}], "id": "CVE-2021-24639", "lastModified": "2022-12-20T22:10:18.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-20T10:15:09.520", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/1ada2a96-32aa-4e37-809c-705db6026e0b"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Secondary"}]}