CVE-2021-24916: 
WordPress vulnerability analysis and mitigation

The Qubely WordPress plugin before version 1.8.6 contains a security vulnerability (CVE-2021-24916) that allows unauthenticated users to send arbitrary emails to arbitrary addresses. The vulnerability was discovered in 2021 and affects the plugin's AJAX action 'qubelysendform_data'. This security issue impacts all versions of the Qubely plugin prior to version 1.8.6 (WPScan).

The vulnerability is classified as an Access Control issue (CWE-284) with a CVSS v3.1 base score of 7.5 (HIGH), indicating significant severity. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, which means it can be exploited remotely with low attack complexity, requires no privileges, and needs no user interaction (NVD).

The vulnerability allows malicious actors to abuse the plugin's email functionality to send unauthorized emails from the affected WordPress installation. This could potentially be exploited for spam campaigns, phishing attacks, or other malicious email-based activities (WPScan).

The vulnerability has been patched in Qubely version 1.8.6. Website administrators running affected versions should immediately upgrade to version 1.8.6 or later to mitigate this security risk (WPScan).