CVE-2021-24688 - OpenCVE

The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Orange-form Project	Orange-form

Configuration 1 [-]

cpe:2.3:a:orange-form_project:orange-form:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2c

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-28T09:06:02

Updated: 2024-08-03T19:42:16.089Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24688

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-28T09:15:07.370

Modified: 2022-03-07T18:33:22.633

Link: CVE-2021-24688

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Orange Form", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.0.1", "status": "affected", "version": "1.0.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Francesco Carlucci"}], "descriptions": [{"lang": "en", "value": "The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it)"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-28T09:06:02", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2c"}], "source": {"discovery": "EXTERNAL"}, "title": "Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24688", "STATE": "PUBLIC", "TITLE": "Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Orange Form", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0.1", "version_value": "1.0.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Francesco Carlucci"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it)"}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2c", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2c"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:42:16.089Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2c"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24688", "datePublished": "2022-02-28T09:06:02", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:42:16.089Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:orange-form_project:orange-form:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "ABCB5419-0856-4C60-B20D-D792A8022792", "versionEndIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it)"}, {"lang": "es", "value": "El plugin Orange Form de WordPress versiones hasta 1.0.1 no dispone de comprobaciones de autorizaci\u00f3n y CSRF en todas sus llamadas AJAX, por ejemplo, la llamada or_delete_filed, que est\u00e1 disponible tanto para usuarios no autenticados como autenticados, podr\u00eda permitir a atacantes eliminar entradas arbitrarias."}], "id": "CVE-2021-24688", "lastModified": "2022-03-07T18:33:22.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-28T09:15:07.370", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2c"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "contact@wpscan.com", "type": "Secondary"}]}