Lucene search
China National Vulnerability DatabaseCNVD-2021-103370HistoryNov 04, 2021 - 12:00 a.m.
WordPress Far Future Expiry Header plugin cross-site request forgery vulnerability
2021-11-0400:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
27.4%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Far Future Expiry Header plugin is vulnerable to cross-site request forgery, which stems from the lack of a valid CSRF check when the plugin saves settings, and can be exploited by attackers to make logged-in administrators change their settings through a CSRF attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress far future expiry header plugin | lt | 1.5 |
Related
patchstack
patchstack
cvelist
cvelist
nvd
nvd
CVE-2021-24799
2021-11-01 09:15:09
wpexploit
wpexploit
Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
2021-10-04 00:00:00
prion
prion
Cross site request forgery (csrf)
2021-11-01 09:15:00
wpvulndb
wpvulndb
Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
2021-10-04 00:00:00
cve
cve
CVE-2021-24799
2021-11-01 09:15:09