CVE-2021-24626 Information

Description

The Chameleon CSS WordPress plugin through 1.2 has no CSRF or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of these AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL injection.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/
https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
