← Volver a CVEs
CVE-2021-38342
HIGH8.1
Descripcion
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado8/30/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
kylephillips:nested_pages
Debilidades (CWE)
CWE-352CWE-352
Referencias
https://www.wordfence.com/blog/2021/08/nested-pages-pat%E2%80%A6on-vulnerability/(security@wordfence.com)
https://www.wordfence.com/vulnerability-advisories/(nvd@nist.gov)
https://www.wordfence.com/blog/2021/08/nested-pages-pat%E2%80%A6on-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.