Lucene search
China National Vulnerability DatabaseCNVD-2022-19817HistoryJan 26, 2022 - 12:00 a.m.
WordPress Accept Donations with PayPal plugin cross-site request forgery vulnerability
2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
0.001 Low
EPSS
Percentile
26.5%
WordPress is a set of blogging platforms developed using the PHP language by the WordPress (Wordpress) Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions of the Accept Donations with PayPal plugin for WordPress prior to 1.3.4. The vulnerability stems from the plugin’s lack of CSRF checks and its inability to ensure that posts to be deleted belong to the plugin, which can be exploited by attackers to Login administrator to delete arbitrary posts from the blog.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress accept donations with paypal plugin | lt | 1.3.4 |
Related
cve
cve
CVE-2021-24989
2022-01-24 08:15:09
prion
prion
Cross site request forgery (csrf)
2022-01-24 08:15:00
wpexploit
wpexploit
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
2021-12-09 00:00:00
wpvulndb
wpvulndb
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF
2021-12-09 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2021-24989
2022-01-24 08:15:09