cbcvebase.
CVE-2021-24472
published 2021-08-02

CVE-2021-24472: The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending…

Priority: P178 · critical · 9.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 56.61% (98.9th percentile)
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF (Server Side Request Forgery) and RFI (Remote File Inclusion) vulnerabilities on the website.

Affected (4 ranges)

Vendor         Product          Version range           Fixed in
qantumthemes   kentharadio      < 2.0.2                 2.0.2
qantumthemes   onair2           < 3.9.9.2               3.9.9.2
qantumthemes   onair2           >= 3.9.9.2 < 3.9.9.2    3.9.9.2
qantumthemes   qt_kentharadio   >= 2.0.2 < 2.0.2        2.0.2

Detection & IOCs (extracted from sources)

Indicator (other): status: 200
  • The OnAir2 theme and QT KenthaRadio plugin expose a proxy endpoint to unauthenticated users; monitor for unauthenticated HTTP requests to the proxy functionality that include external or internal URIs as parameters, indicating SSRF or RFI exploitation attempts.
  • The Nuclei template for this CVE checks for HTTP 200 responses from the exposed proxy endpoint; correlate unauthenticated 200 responses from the proxy path as a positive exploitation signal.
  • Nuclei template digest provided; can be used to verify template integrity before deployment.
  • Vulnerability affects OnAir2 WordPress theme before version 3.9.9.2 and QT KenthaRadio WordPress plugin before version 2.0.2; ensure patched versions are deployed to remediate the exposed proxy.

CVSS provenance

nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P