Vulnerabilities and security researches force21-suite ce21-suite

Nov 10, 2025

CVE, Research URL: CVE-2025-11008
Home page URL: Security reports for CE21 Suite
Application: CE21 Suite
Date: Nov 04, 2025
Research Description: The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible.
Affected versions: max 2.3.1.
Status: vulnerable

CVE, Research URL: CVE-2025-11007
Home page URL: Security reports for CE21 Suite
Application: CE21 Suite
Date: Nov 04, 2025
Research Description: The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. This allows unauthenticated attackers to create new admin accounts on an affected site.
Affected versions: max 2.2.1.
Status: vulnerable

Dec 15, 2024

CVE, Research URL: CVE-2024-54293
Home page URL: Security reports for CE21 Suite
Application: CE21 Suite
Date: Dec 13, 2024
Research Description: Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0.
Affected versions: max 2.2.1.
Status: vulnerable

Nov 10, 2024

CVE, Research URL: CVE-2024-10284
Home page URL: Security reports for CE21 Suite
Application: CE21 Suite
Date: Nov 09, 2024
Research Description: The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.
Affected versions: max 2.2.1.
Status: vulnerable

CVE, Research URL: CVE-2024-10294
Home page URL: Security reports for CE21 Suite
Application: CE21 Suite
Date: Nov 09, 2024
Research Description: The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.
Affected versions: max 2.2.0.
Status: vulnerable

CVE, Research URL: CVE-2024-10285
Home page URL: Security reports for CE21 Suite
Application: CE21 Suite
Date: Nov 09, 2024
Research Description: The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.
Affected versions: max 2.2.0.
Status: vulnerable