Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24636
HistorySep 20, 2021 - 10:06 a.m.

CVE-2021-24636 Print My Blog < 3.4.2 - Plugin Deactivation via CSRF

2021-09-2010:06:40
CWE-352
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

27.4%

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link

CNA Affected

[
  {
    "product": "Print My Blog – Print, PDF, & eBook Converter WordPress Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.4.2",
        "status": "affected",
        "version": "3.4.2",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

27.4%

Related for CVELIST:CVE-2021-24636