Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2021-24380
HistoryAug 16, 2021 - 10:48 a.m.

CVE-2021-24380 Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF

2021-08-1610:48:18
CWE-352
WPScan
www.cve.org
3
cve-2021-24380
shantz wordpress qotd
csrf

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON

The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.

CNA Affected

[
  {
    "product": "Shantz WordPress QOTD",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.2.2",
        "status": "affected",
        "version": "1.2.2",
        "versionType": "custom"
      }
    ]
  }
]

Related

wpvulndb 1
wpexploit 1
nvd 1
prion 1
cve 1
wpvulndb
wpvulndb
Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
2021-07-19 00:00:00
wpexploit
wpexploit
Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
2021-07-19 00:00:00
nvd
nvd
CVE-2021-24380
2021-08-16 11:15:08
prion
prion
Cross site request forgery (csrf)
2021-08-16 11:15:00
cve
cve
CVE-2021-24380
2021-08-16 11:15:08

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

27.4%

JSON
Related for CVELIST:CVE-2021-24380
wpvulndb1wpexploit1nvd1prion1cve1