Lucene search

[email protected]CVE-2021-24150

HistoryApr 05, 2021 - 7:15 p.m.

CVE-2021-24150

2021-04-0519:15:00

CWE-918

[email protected]

web.nvd.nist.gov

cve-2021-24150

likebtn

wordpress

plugin

ssrf

vulnerability

unauthenticated

full-read

server-side request forgery

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.019 Low

EPSS

Percentile

88.7%

JSON

The LikeBtn WordPress Like Button Rating ? LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).

VendorProductVersionCPE
likebtnlike_button_rating*cpe:2.3:a:likebtn:like_button_rating:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
likebtn	like_button_rating	*	cpe:2.3:a:likebtn:like_button_rating::::::::

References

wpscan.com/vulnerability/6bc6023f-a5e7-4665-896c-95afa5b638fb

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2021-24150

cvelist1 prion1 nuclei1 wpexploit1 wpvulndb1