Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24818
HistoryDec 13, 2021 - 10:41 a.m.

CVE-2021-24818 WP Limits <= 1.0 - Plugin's Settings Update via CSRF

2021-12-1310:41:00
CWE-352
WPScan
www.cve.org

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values

CNA Affected

[
  {
    "product": "Wp Limits",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

Related for CVELIST:CVE-2021-24818