{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-4360", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-06-06T12:53:52.550Z", "datePublished": "2023-06-07T01:51:29.828Z", "dateUpdated": "2026-04-08T17:05:58.363Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:58.363Z"}, "affected": [{"vendor": "waseem_senjer", "product": "Controlled Admin Access", "versions": [{"version": "0", "status": "affected", "lessThan": "1.5.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access."}], "title": "Controlled Admin Access < 1.5.6 - Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve"}, {"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/"}, {"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt"}, {"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jerome Bruandet"}], "timeline": [{"time": "2021-03-30T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.684Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve", "tags": ["x_transferred"]}, {"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/", "tags": ["x_transferred"]}, {"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt", "tags": ["x_transferred"]}, {"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-23T16:01:06.594687Z", "id": "CVE-2021-4360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-23T16:21:35.790Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve", "tags": ["x_transferred"]}, {"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/", "tags": ["x_transferred"]}, {"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt", "tags": ["x_transferred"]}, {"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.684Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-4360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-23T16:01:06.594687Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-23T16:01:08.641Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Jerome Bruandet"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "waseem_senjer", "product": "Controlled Admin Access", "versions": [{"status": "affected", "version": "*", "lessThan": "1.5.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2021-03-30T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve"}, {"url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/"}, {"url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt"}, {"url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c"}], "descriptions": [{"lang": "en", "value": "The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-06-07T01:51:29.828Z"}}}, "cveMetadata": {"cveId": "CVE-2021-4360", "state": "PUBLISHED", "dateUpdated": "2024-12-23T16:21:35.790Z", "dateReserved": "2023-06-06T12:53:52.550Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-06-07T01:51:29.828Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpruby:controlled_admin_access:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B6FDF6FD-64C0-4EFD-8137-76072D0AB5A5", "versionEndIncluding": "1.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access."}], "id": "CVE-2021-4360", "lastModified": "2026-04-08T18:17:16.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-07T02:15:14.293", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/"}, {"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt"}, {"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://blog.nintechnet.com/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://wpscan.com/vulnerability/5ddc0a9d-c081-4bef-aa87-3b10d037379c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}