exploitDog

CVE-2021-24767

Опубликовано: 08 нояб. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpvibes:redirect_404_error_page_to_homepage_or_custom_page_with_logs:*:*:*:*:*:wordpress:*:*

Версия до 1.7.9 (исключая)

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-q43p-2mh4-5jv2

CVSS3: 6.5

github

больше 3 лет назад

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352