Strix
26.1K

CVE-2021-4362

CRITICALCVSS 9.8/10EPSS 1.42%

Last modified

CVE-2021-4362 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. EPSS estimates a 1.42% chance of exploitation in the next 30 days.

Description

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.42%

69.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
WpkubeKiwi Social Share2.1.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-4362?
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.
How severe is CVE-2021-4362?
CVE-2021-4362 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.42% probability of exploitation in the next 30 days.
How do I fix CVE-2021-4362?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-4362?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST