CVE-2021-24717

CVE-2021-24717: AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation

Vendor Unknown

Product AutomatorWP

Weakness CWE-863 · Incorrect authorization

Published November 1, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions.

Key dates

02Disclosure timeline

November 1, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24717 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering CVE-2025-40669 Incorrect Authorization vulnerability in TCMAN GIM CVE-2026-33015 EVerest has RemoteStop Bypass via BCB Toggle Session Restart CVE-2023-6837 Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation CVE-2025-2242 Incorrect Authorization in GitLab