exploitDog

CVE-2021-24466

Опубликовано: 16 авг. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues

Ссылки

https://wpscan.com/vulnerability/37c7bdbb-f27f-47d3-9886-69d2e83d7581
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/37c7bdbb-f27f-47d3-9886-69d2e83d7581
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:verse-o-matic_project:verse-o-matic:*:*:*:*:*:wordpress:*:*

Версия до 4.1.1 (включая)

EPSS

Процентиль: 27%

0.00099

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3767-6mf5-hjrv

github

больше 3 лет назад

The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged in administrators do unwanted actions, such as add/edit/delete arbitrary verses and change the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues

EPSS

Процентиль: 27%

0.00099

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79