CVE-2021-47932 -- CVSS 9.8 Vulnerability Briefing
CVE-2021-47932 | CVSS 9.8 (Critical) | Exploit: No known exploit
What Is It
CVE-2021-47932 is an unauthenticated privilege escalation vulnerability in the TheCartPress plugin version 1.5.3.6 for WordPress, affecting the plugin's AJAX request handler.
Technical Detail
The flaw exists in TheCartPress's AJAX handler, which fails to enforce authentication or authorization checks before processing account creation requests. An unauthenticated remote attacker can submit a crafted AJAX request to create a new WordPress administrator account, gaining full administrative control over the affected site. This constitutes a complete privilege escalation from unauthenticated user to site administrator, with a CVSS score of 9.8 reflecting the low attack complexity and absence of any required privileges or user interaction.
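As an added illustration of the vulnerability class described above (example code written for this briefing, not TheCartPress's actual code; the `example_register` action and function names are hypothetical), a WordPress AJAX account-creation handler in the unprotected form beside a hardened one:

```php
<?php
// Illustrative WordPress AJAX account-creation handler (hypothetical names,
// not TheCartPress's code). The first version shows the defect class the
// advisory describes; the second shows the checks a hardened handler performs.

// --- Unprotected pattern: reachable via the nopriv hook, no nonce,
//     no capability check, and the role is taken from the request.
add_action( 'wp_ajax_nopriv_example_register', 'example_register_unprotected' );
function example_register_unprotected() {
    $user_id = wp_create_user( $_POST['login'], $_POST['password'], $_POST['email'] );
    $user    = new WP_User( $user_id );
    $user->set_role( $_POST['role'] ); // caller-controlled role: the escalation path
    wp_send_json_success( array( 'id' => $user_id ) );
}

// --- Hardened pattern: logged-in hook only, nonce, capability check,
//     input validation, and a role fixed server-side.
add_action( 'wp_ajax_example_register', 'example_register_hardened' );
function example_register_hardened() {
    check_ajax_referer( 'example_register_nonce', 'nonce' ); // CSRF protection; dies on failure
    if ( ! current_user_can( 'create_users' ) ) {            // authorization check
        wp_send_json_error( 'forbidden', 403 );
    }
    $login = sanitize_user( wp_unslash( $_POST['login'] ?? '' ), true );
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( '' === $login || ! is_email( $email ) ) {
        wp_send_json_error( 'invalid input', 400 );
    }
    // Password is generated, never accepted from the request body.
    $user_id = wp_create_user( $login, wp_generate_password( 24 ), $email );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    $user = new WP_User( $user_id );
    $user->set_role( 'subscriber' ); // least-privilege role decided by the server
    wp_send_json_success( array( 'id' => $user_id ) );
}
```

When reviewing a plugin for this defect class, look for `wp_ajax_nopriv_` hooks whose callbacks reach `wp_create_user()`, `wp_insert_user()` or `set_role()` without a `current_user_can()` check.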
Exploitation Status
No known exploit code has been publicly documented for this vulnerability, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. There is no confirmed evidence of active exploitation in the wild at this time. However, the low attack complexity and high impact of this vulnerability class make it an attractive target if proof-of-concept code becomes available.
Who Is Targeting This
No specific threat actor has been attributed at this time. Vulnerabilities of this type in WordPress plugins are broadly targeted by opportunistic actors conducting automated scanning campaigns against WordPress installations, but no named group has been attributed to exploitation of this specific CVE.
What To Do
Administrators running TheCartPress 1.5.3.6 should verify whether a patched version of the plugin is available from the vendor and apply it immediately given the critical severity rating. If no patch is available or the plugin is no longer actively maintained, the recommended course of action is to deactivate and remove the plugin from all WordPress installations. Site administrators should audit existing WordPress user accounts for any unauthorized administrator-level accounts as an indicator of prior compromise. Web application firewall rules that restrict unauthenticated access to WordPress AJAX endpoints can provide a compensating control while remediation is completed; because legitimate front-end features also use the unauthenticated AJAX endpoint, such rules should be scoped to the plugin's affected actions rather than blocking the endpoint outright.