exploitDog

CVE-2021-24446

Published: 14 Feb 2022
Source: nvd
CVSS3: 5.4
CVSS2: 6
EPSS: Low

Description

The Remove Footer Credit WordPress plugin before 1.0.6 does not have a CSRF check in place when saving its settings, which could allow an attacker to make logged-in admins change them and lead to a Stored XSS issue as well, due to the lack of sanitisation.

Vulnerable configurations

Configuration 1
cpe:2.3:a:wpchill:remove_footer_credit:*:*:*:*:*:wordpress:*:*
Versions before 1.0.6 (excluding)

EPSS

Percentile: 25%
0.00084
Low

5.4 Medium

CVSS3

6 Medium

CVSS2

Weaknesses

CWE-352

Related vulnerabilities

github
almost 4 years ago

The Remove Footer Credit WordPress plugin before 1.0.6 does not have a CSRF check in place when saving its settings, which could allow an attacker to make logged-in admins change them and lead to a Stored XSS issue as well, due to the lack of sanitisation.

EPSS

Percentile: 25%
0.00084
Low

5.4 Medium

CVSS3

6 Medium

CVSS2

Weaknesses

CWE-352