CE21 Suite WordPress Plugin Missing Authorization Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in the CE21 Suite plugin for WordPress, versions 2.2.1 through 2.3.1. The plugin registers the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action without a capability check, so unauthenticated requests can update the plugin's API settings. Those settings include the secret key used for single-sign-on authentication; an attacker who replaces it could go on to create new administrator accounts on the affected site.
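The following is an added illustrative example, not the CE21 Suite plugin's own code. It shows the defect class the advisory describes (an admin-only settings handler reachable through a wp_ajax_nopriv_ hook with no capability check) next to the hardened form a WordPress plugin should use. The action name is taken from the advisory; the handler names, option name, nonce action and POST field names are assumptions.

```php
<?php
// Constructed example of the defect class, not the plugin's actual code.
// The action name below comes from the advisory; everything else
// (function names, option key, nonce action, field names) is assumed.

// --- Vulnerable pattern ---
// Hooking the handler on wp_ajax_nopriv_* makes it reachable by logged-out
// visitors, and the handler writes the setting without checking who is
// calling or whether the request carries a valid nonce.
add_action( 'wp_ajax_nopriv_ce21_single_sign_on_save_api_settings', 'example_save_api_settings_vulnerable' );
add_action( 'wp_ajax_ce21_single_sign_on_save_api_settings', 'example_save_api_settings_vulnerable' );

function example_save_api_settings_vulnerable() {
    // Any caller can overwrite the secret used for SSO authentication.
    $secret = sanitize_text_field( wp_unslash( $_POST['api_secret'] ?? '' ) );
    update_option( 'example_sso_api_secret', $secret );
    wp_send_json_success();
}

// --- Hardened pattern ---
// 1. Register only on wp_ajax_* (authenticated users). A handler that
//    changes administrative settings never belongs on a nopriv hook.
// 2. Verify a nonce (CSRF protection) and an administrative capability
//    before touching the option.
add_action( 'wp_ajax_ce21_single_sign_on_save_api_settings', 'example_save_api_settings_hardened' );

function example_save_api_settings_hardened() {
    // check_ajax_referer() terminates the request with HTTP 403 if the nonce
    // sent in the "nonce" field does not match the assumed action name.
    check_ajax_referer( 'example_sso_settings', 'nonce' );

    // Capability check: only users allowed to manage options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $secret = sanitize_text_field( wp_unslash( $_POST['api_secret'] ?? '' ) );
    if ( '' === $secret ) {
        wp_send_json_error( 'missing api_secret', 400 );
    }

    update_option( 'example_sso_api_secret', $secret );
    wp_send_json_success();
}
```

When reviewing a plugin for this class of bug, the two things to check are whether any wp_ajax_nopriv_ hook leads to code that writes options or creates users, and whether every wp_ajax_ handler that does so calls both a nonce check and current_user_can() before the write. The nonce alone is not sufficient: it only proves the request originated from a page the site generated, not that the caller holds the required role.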

Impact

Exploitation of this vulnerability allows unauthenticated users to gain administrative privileges on the affected WordPress site by creating new admin accounts.

Remediation

No known patch is available for this vulnerability. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Nov 4, 2025, 4:29 AM
Updated: Nov 4, 2025, 4:29 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.