CVE-2021-24328

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 6.2

CVSS2: 3.5

EPSS Низкий

Описание

The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well

Ссылки

https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html
Exploit
Third Party Advisory
https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt
https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace
Exploit
Third Party Advisory
https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html
Exploit
Third Party Advisory
https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt
https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clogica:wp_login_security_and_history:*:*:*:*:*:wordpress:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 40%

0.0018

Низкий

6.2 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-352

CWE-79

Связанные уязвимости

GHSA-3fcr-4vvp-335p