China National Vulnerability Database: CNVD-2021-102816
Dec 18, 2021 - 12:00 a.m.

WordPress Pixel Cat plugin cross-site request forgery vulnerability

www.cnvd.org.cn

CVSS3: 9 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS2: 6 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blogging sites on servers running PHP and MySQL. Pixel Cat is an open source WordPress plugin. Versions of the Pixel Cat plugin prior to 2.6.2 have a cross-site request forgery vulnerability, which stems from the plugin not adequately verifying, when saving settings, that the request comes from a trusted user. An attacker could use a spoofed malicious request to trick a victim into clicking through and performing a sensitive action.

CPE / Name | Operator | Version
wordpress pixel cat plugin | lt | 2.6.2
