cleantalk
Vulnerabilities and Security Researches

Advanced Cron Manager – debug & control, CVE-2021-25084

CVE, Research URL

CVE-2021-25084

Home page URL

Security reports for Advanced Cron Manager – debug & control

Application

Advanced Cron Manager – debug & control

Published on
Feb 07, 2022
Research Description
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example
Affected versions
Min -, max 2.5.3.
Status
vulnerable
Previous vulnerability researches
Advanced Cron Manager – debug & control (CVE-2021-25084) , Jun 07, 2024
Advanced Cron Manager – debug & control (CVE-2024-31926) , Jun 07, 2024
Advanced Cron Manager – debug & control (CVE-2024-4004) , May 18, 2025
Advanced Cron Manager – debug & control (CVE-2024-43154) , Aug 12, 2024
New vulnerability
Joy Of Text Lite – SMS messaging for WordPress. (CVE-2024-7984) , May 19, 2025
CYAN Backup (CVE-2024-9663) , May 19, 2025
CYAN Backup (CVE-2024-9662) , May 19, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2024-6708) , May 19, 2025
Maspik – Spam Blacklist (CVE-2024-9182) , May 19, 2025