CVE-2021-24231 Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon

2021-04-1214:06:31

CWE-352

WPScan

www.cve.org

patreon

wordpress

csrf

vulnerability

jetpack scan

disconnect

administrator

vulnerability

EPSS

0.001

Percentile

39.5%

JSON

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.

CNA Affected

[
  {
    "product": "Patreon WordPress",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.7.0",
        "status": "affected",
        "version": "1.7.0",
        "versionType": "custom"
      }
    ]
  }
]