Lucene search
WPScanCVELIST:CVE-2021-24788HistoryNov 08, 2021 - 5:35 p.m.
CVE-2021-24788 Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
2021-11-0817:35:20
CWE-863
WPScan
www.cve.org
4
wordpress
plugin
vulnerability
authentication
subscribers
categories
posts
EPSS
0.001
Percentile
24.8%
The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.
CNA Affected
[
{
"product": "Batch Cat",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "0.3",
"status": "affected",
"version": "0.3",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-24788
2021-11-08 18:15:09
wpvulndb
wpvulndb
Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
2021-10-05 00:00:00
patchstack
patchstack
wpexploit
wpexploit
Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
2021-10-05 00:00:00
cnvd
cnvd
WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101471)
2021-11-10 00:00:00
cve
cve
CVE-2021-24788
2021-11-08 18:15:09
prion
prion
Authentication flaw
2021-11-08 18:15:00