{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2021-47932/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2021-47932"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["TheCartPress 1.5.3.6"],"_cs_severities":["critical"],"_cs_tags":["wordpress","privilege-escalation","unauthenticated","CVE-2021-47932"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eCVE-2021-47932 affects WordPress TheCartPress version 1.5.3.6. This vulnerability allows unauthenticated attackers to escalate privileges and create administrator accounts. The attack involves sending a specifically crafted POST request to the AJAX handler, enabling the attacker to gain full administrative access to the WordPress site without needing existing credentials. This vulnerability was reported on May 10, 2026. Successful exploitation leads to a complete compromise of the affected WordPress installation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site running TheCartPress version 1.5.3.6.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a POST request targeting the \u003ccode\u003etcp_register_and_login_ajax\u003c/code\u003e action.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the \u003ccode\u003etcp_role\u003c/code\u003e parameter set to \u003ccode\u003eadministrator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted POST request to the WordPress site\u0026rsquo;s AJAX handler (\u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable code in the TheCartPress plugin processes the request without proper authentication or authorization checks.\u003c/li\u003e\n\u003cli\u003eA new administrator account is created with the credentials specified in the POST request.\u003c/li\u003e\n\u003cli\u003eThe attacker logs in to the WordPress site using the newly created administrator account.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full control over the WordPress site, including the ability to modify content, install plugins, and manage users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2021-47932 allows attackers to gain complete administrative control over the affected WordPress site. This can lead to website defacement, data theft, malware distribution, and further compromise of the server. The impact is critical due to the ease of exploitation and the high level of access gained.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply patches or updates for the TheCartPress plugin if the vendor has made any available.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect POST requests to \u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e with the \u003ccode\u003etcp_register_and_login_ajax\u003c/code\u003e action and \u003ccode\u003etcp_role\u003c/code\u003e set to \u003ccode\u003eadministrator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to the AJAX handler.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests exploiting CVE-2021-47932.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-10T13:18:46Z","date_published":"2026-05-10T13:18:46Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47932-wordpress-privesc/","summary":"WordPress TheCartPress version 1.5.3.6 contains an unauthenticated privilege escalation vulnerability, CVE-2021-47932, allowing attackers to create administrator accounts via crafted POST requests to the AJAX handler.","title":"CVE-2021-47932: WordPress TheCartPress Unauthenticated Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2021-47932-wordpress-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2021-47932","version":"https://jsonfeed.org/version/1.1"}