CVE-2021-25084: 
WordPress vulnerability analysis and mitigation

CVE-2021-25084 is a security vulnerability affecting the Advanced Cron Manager WordPress plugin and its Pro version. The vulnerability was publicly disclosed on January 4, 2022, and involves missing authorization checks in AJAX actions. This security flaw affects Advanced Cron Manager versions up to 2.4.2 and Advanced Cron Manager Pro versions up to 2.5.3 (WPScan).

The vulnerability is classified as an Access Control issue (CWE-284) with a CVSS score of 5.4 (medium severity). The core issue stems from the lack of proper authorization checks in certain AJAX actions, which allows any authenticated user, including those with minimal privileges like subscribers, to add or remove events and schedules. This represents a broken access control vulnerability, categorized under OWASP Top 10 A5 (WPScan).

The vulnerability allows any authenticated user, regardless of their privilege level, to manipulate the cron events and schedules in WordPress. This means that even users with minimal privileges (such as subscribers) can create, modify, or delete scheduled tasks, potentially disrupting the website's automated operations (WPScan).

The vulnerability has been patched in Advanced Cron Manager version 2.4.2 and Advanced Cron Manager Pro version 2.5.3. Users are strongly advised to update their installations to these or later versions to mitigate the security risk (WPScan).