CVE-2021-4360

9.9 CRITICAL

📋 TL;DR

The Controlled Admin Access WordPress plugin up to version 1.5.5 contains a privilege escalation vulnerability that allows attackers to create new administrator roles with unrestricted access. This affects WordPress sites using vulnerable versions of this plugin. Attackers can gain full administrative control over affected WordPress installations.

💻 Affected Systems

Products:
  • WordPress Controlled Admin Access Plugin
Versions: Up to and including 1.5.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress sites with the Controlled Admin Access plugin installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the WordPress site, with the attacker gaining full administrative privileges that allow data theft, defacement, malware installation, and further network penetration.

🟠 Likely Case

Attackers create backdoor administrator accounts to maintain persistent access for future malicious activity such as data exfiltration or ransomware deployment.

🟢 If Mitigated

With proper access controls and monitoring, unauthorized privilege escalation attempts would be detected and blocked before full compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to WordPress (typically contributor or author role) but then allows privilege escalation to administrator.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.6

Vendor Advisory: https://plugins.svn.wordpress.org/controlled-admin-access/trunk/readme.txt

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Controlled Admin Access plugin.
4. Click 'Update Now' if available, or download version 1.5.6+ from the WordPress repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable Vulnerable Plugin (applies to: all)

Temporarily disable the Controlled Admin Access plugin until patched:

wp plugin deactivate controlled-admin-access

Restrict Plugin Access (applies to: all)

Use WordPress role management to restrict who can access the plugin configuration.

🧯 If You Can't Patch

  • Remove the Controlled Admin Access plugin completely
  • Implement strict network access controls to limit who can access WordPress admin interface

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Controlled Admin Access version 1.5.5 or lower

Check Version:

wp plugin get controlled-admin-access --field=version

Verify Fix Applied:

Verify plugin version is 1.5.6 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to /wp-admin/admin.php?page=controlled-admin-access
  • New administrator role creation in WordPress logs
  • Unexpected user privilege changes

Network Indicators:

  • HTTP POST requests to plugin configuration endpoints from unauthorized users

SIEM Query:

source="wordpress.log" AND ("controlled-admin-access" OR "privilege escalation" OR "new administrator role")
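The following added example is not part of this advisory; it turns the version check from "How to Verify" and the log indicators above into a small script. It assumes a hypothetical audit-log line format (constructed here, since WordPress core does not log role changes by default) and flags non-administrator access or POSTs to the plugin page plus any role change to administrator.

```python
import re

# Constructed sample lines in a hypothetical audit-log format (timestamp, user,
# role, method, path, optional action fields). A logging plugin or WAF would
# supply something comparable; WordPress core does not emit this by default.
SAMPLE_LOG = """\
2024-01-10T10:00:01Z user=admin role=administrator GET /wp-admin/admin.php?page=controlled-admin-access
2024-01-10T10:02:14Z user=guestwriter role=contributor GET /wp-admin/admin.php?page=controlled-admin-access
2024-01-10T10:02:20Z user=guestwriter role=contributor POST /wp-admin/admin.php?page=controlled-admin-access action=save_settings
2024-01-10T10:02:21Z user=guestwriter role=contributor POST /wp-admin/admin.php?page=controlled-admin-access action=set_role target=guestwriter new_role=administrator
2024-01-10T10:05:00Z user=editor1 role=editor GET /wp-admin/edit.php
2024-01-10T10:06:00Z user=admin role=administrator POST /wp-admin/users.php action=set_role target=editor1 new_role=editor
"""

PLUGIN_PAGE = "/wp-admin/admin.php?page=controlled-admin-access"
LAST_VULNERABLE = (1, 5, 5)  # advisory: up to and including 1.5.5

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) (?P<method>GET|POST) (?P<path>\S+)"
    r"(?: action=(?P<action>\S+))?(?: target=(?P<target>\S+))?(?: new_role=(?P<new_role>\S+))?$"
)


def parse_version(text):
    """Turn '1.5.10' into (1, 5, 10) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in text.strip().split("."))


def is_vulnerable_version(text):
    """True when the installed plugin version (e.g. from `wp plugin get ... --field=version`) is 1.5.5 or lower."""
    return parse_version(text) <= LAST_VULNERABLE


def find_indicators(lines):
    """Return (timestamp, user, reason) tuples for lines matching the advisory's log indicators."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        f = m.groupdict()
        if f["role"] != "administrator" and f["path"].startswith(PLUGIN_PAGE):
            verb = "POST to" if f["method"] == "POST" else "access to"
            hits.append((f["ts"], f["user"], f"non-administrator {verb} plugin page"))
        if f.get("new_role") == "administrator":
            hits.append((f["ts"], f["user"], f"role of {f['target']} changed to administrator"))
    return hits


if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOG.splitlines()):
        print(*hit)
```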
