China National Vulnerability DatabaseCNVD-2021-101717WordPress WP Admin Logo Changer plugin cross-site request forgery vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. WP Admin Logo Changer plugin is a WordPress open source application plugin. WordPress WP Admin Logo Changer plugin in version 1.0 and earlier has a cross-site request forgery vulnerability, which stems from saving its settings without The vulnerability stems from saving its settings without adequately verifying that the request comes from a trusted user. An attacker could exploit this vulnerability to perform administrator updates via CSRF attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress wp admin logo changer plugin | le | 1.0 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N