Lucene search
China National Vulnerability DatabaseCNVD-2022-66592HistoryMar 02, 2022 - 12:00 a.m.
Wordpress Orange Form Plugin Cross-Site Request Forgery Vulnerability
2022-03-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
wordpress
orange form
plugin
cross-site request forgery
vulnerability
php
mysql
ajax
authorization
arbitrary posts
cnvd
EPSS
0.001
Percentile
36.7%
WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site request forgery vulnerability exists in Wordpress Orange Form Plugin 1.0.1 and prior versions, which stems from the plugin’s failure to perform any authorization and CSRF checks in all of its AJAX calls. An attacker could use this vulnerability to delete arbitrary posts.
Related
cvelist
cvelist
patchstack
patchstack
WordPress Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
2021-12-29 00:00:00
cve
cve
CVE-2021-24688
2022-02-28 09:15:07
wpvulndb
wpvulndb
Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
2021-12-29 00:00:00
wpexploit
wpexploit
Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion
2021-12-29 00:00:00
nvd
nvd
CVE-2021-24688
2022-02-28 09:15:07
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00