exploitDog

CVE-2021-24989

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog

Ссылки

https://wpscan.com/vulnerability/82c2ead1-1d3c-442a-ae68-359a4748447f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/82c2ead1-1d3c-442a-ae68-359a4748447f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpplugin:accept_donations_with_paypal:*:*:*:*:*:wordpress:*:*

Версия до 1.3.4 (исключая)

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-vpr8-rx78-hh89

github

около 4 лет назад

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog

EPSS

Процентиль: 29%

0.00103

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352