CVE-2021-24916

HIGH

7.5

CVSS Severity Score

EPSS Score0.1760%

EPSS Percentile27.84th

PublishedAug 7, 2023

Last ModifiedNov 21, 2024

Vulnerability Description

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

Affected Platforms (CPE)

📦

Themeum

Qubely

< 1.8.6

References & Advisories

🔗 https://wpscan.com/vulnerability/93b893be-59ad-4500-8edb-9fa7a45304d5

Related Vulnerabilities

CVE-2002-105810.0

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers, to gain privileg...

CVE-2017-167149.8

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessib...

CVE-2017-140267.5

In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users whi...

CVE-2021-369137.5

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at W...