CVE-2021-36888

Summary

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.

Affected Software

VendorProductVersion RangeStatus
OxilabImage Hover Effects Ultimate (WordPress plugin)<= 9.6.1 <= 9.6.1affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References