cnvd - cnvd-2021-29859

CNVD-2021-29859

Vulnerability from cnvd - Published: 2021-04-21

Title

WordPress插件存在未明漏洞（CNVD-2021-29859）

Description

WordPress 插件是WordPress开源的一个应用插件。 WordPress Facebook for WordPress插件3.0.0版本之前存在安全漏洞，攻击者可利用该漏洞通过可用的魔术方法，实现远程代码执行。

Severity

中

Patch Name

WordPress插件存在未明漏洞（CNVD-2021-29859）的补丁

Patch Description

WordPress 插件是WordPress开源的一个应用插件。 WordPress Facebook for WordPress插件3.0.0版本之前存在安全漏洞，攻击者可利用该漏洞通过可用的魔术方法，实现远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布相关补丁链接，请关注厂商主页及时更新： https://wordpress.org/download/ https://wordpress.org/plugins/wp-super-cache/

Reference

https://www.anquanke.com/vul/id/2412702

Impacted products

Name
WordPress Facebook <3.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24217"
    }
  },
  "description": "WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002 \n\nWordPress Facebook for WordPress\u63d2\u4ef63.0.0\u7248\u672c\u4e4b\u524d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53ef\u7528\u7684\u9b54\u672f\u65b9\u6cd5\uff0c\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://wordpress.org/download/\r\nhttps://wordpress.org/plugins/wp-super-cache/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-29859",
  "openTime": "2021-04-21",
  "patchDescription": "WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002 \r\n\r\nWordPress Facebook for WordPress\u63d2\u4ef63.0.0\u7248\u672c\u4e4b\u524d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53ef\u7528\u7684\u9b54\u672f\u65b9\u6cd5\uff0c\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress\u63d2\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-29859\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Facebook \u003c3.0.0"
  },
  "referenceLink": "https://www.anquanke.com/vul/id/2412702",
  "serverity": "\u4e2d",
  "submitTime": "2021-04-14",
  "title": "WordPress\u63d2\u4ef6\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-29859\uff09"
}

CVE-2021-24217 (GCVE-0-2021-24217)

Vulnerability from cvelistv5 – Published: 2021-04-12 14:01 – Updated: 2024-08-03 19:21

Title

Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain

Summary

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.

Severity ?

No CVSS data available.

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

WPScan

References

URL

Tags

	https://wpscan.com/vulnerability/509f2754-a1a1-41…	x_refsource_CONFIRM
	https://www.wordfence.com/blog/2021/03/two-vulner…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Unknown	Facebook for WordPress	Affected: 3.0.0 , < 3.0.0 (custom)

Credits

Chloe Chamberland

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Facebook for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chloe Chamberland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T14:01:19",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Facebook for WordPress \u003c 3.0.0 - PHP Object Injection with POP Chain",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24217",
          "STATE": "PUBLIC",
          "TITLE": "Facebook for WordPress \u003c 3.0.0 - PHP Object Injection with POP Chain"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Facebook for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.0.0",
                            "version_value": "3.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Chloe Chamberland"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502 Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/509f2754-a1a1-4142-9126-ae023a88533a"
            },
            {
              "name": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/",
              "refsource": "MISC",
              "url": "https://www.wordfence.com/blog/2021/03/two-vulnerabilities-patched-in-facebook-for-wordpress-plugin/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24217",
    "datePublished": "2021-04-12T14:01:19",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-29859

CVE-2021-24217 (GCVE-0-2021-24217)

Tags

Sightings

Nomenclature