Lucene search
China National Vulnerability DatabaseCNVD-2022-19833HistoryJan 26, 2022 - 12:00 a.m.
WordPress WP Extra File Types plugin cross-site request forgery vulnerability
2022-01-2600:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
0.001 Low
EPSS
Percentile
32.2%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. cross-site request spoofing vulnerability exists in versions of the Wordpress Plugin WP Extra File Types prior to 0.5.1, which stems from the fact that the WP Extra File Types WordPress plugin does not have CSRF checks when saving its settings. An attacker could use a spoofed malicious request to trick a victim into clicking through to perform a sensitive action.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress wp extra file types plugin | lt | 0.5.1 |
Related
cvelist
cvelist
wpvulndb
wpvulndb
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2021-12-27 00:00:00
wpexploit
wpexploit
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
2021-12-27 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-01-24 08:15:00
nvd
nvd
CVE-2021-24936
2022-01-24 08:15:08
cve
cve
CVE-2021-24936
2022-01-24 08:15:08
openvas
openvas
WordPress WP Extra File Types Plugin < 0.5.1 CSRF Vulnerability
2023-09-25 00:00:00