Vulnerability Details CVE-2021-36888
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.695
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://patchstack.com/database/vulnerability/image-hover-effects-ultimate/wordpress-image-hover-effects-ultimate-plugin-9-6-1-unauthenticated-arbitrary-options-update-leading-to-full-website-compromise
- https://wordpress.org/plugins/image-hover-effects-ultimate/#developers
- https://patchstack.com/database/vulnerability/image-hover-effects-ultimate/wordpress-image-hover-effects-ultimate-plugin-9-6-1-unauthenticated-arbitrary-options-update-leading-to-full-website-compromise
- https://wordpress.org/plugins/image-hover-effects-ultimate/#developers
Products affected by CVE-2021-36888
-
cpe:2.3:a:blocksera:image_hover_effects:-
-
cpe:2.3:a:blocksera:image_hover_effects:1.0
-
cpe:2.3:a:blocksera:image_hover_effects:1.1
-
cpe:2.3:a:blocksera:image_hover_effects:1.2
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.1
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.2
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.3
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.4
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.5
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.6
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.7
-
cpe:2.3:a:blocksera:image_hover_effects:1.2.8
-
cpe:2.3:a:blocksera:image_hover_effects:1.3.0
-
cpe:2.3:a:blocksera:image_hover_effects:1.3.1
-
cpe:2.3:a:blocksera:image_hover_effects:1.3.2
-
cpe:2.3:a:blocksera:image_hover_effects:1.3.3
-
cpe:2.3:a:blocksera:image_hover_effects:1.3.4