CVE-2021-24380
MEDIUM 4.3
Description
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.
CVE Details
CVSS v3.1 Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 8/16/2021
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
shantz_wordpress_qotd_project:shantz_wordpress_qotd
Weaknesses (CWE)
CWE-352
References
https://wpscan.com/vulnerability/1dd0f9a8-22ab-4ecc-a925-605822739000 (contact@wpscan.com)
https://wpscan.com/vulnerability/1dd0f9a8-22ab-4ecc-a925-605822739000 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.