Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2021-24978
HistoryMar 28, 2022 - 5:21 p.m.

CVE-2021-24978 OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion

2022-03-2817:21:15
CWE-862
WPScan
www.cve.org
3
osmapper
wordpress
plugin
unauthenticated
post deletion
ajax
csrf
arbitrary
deletion

EPSS

0.001

Percentile

39.5%

JSON

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named ‘map’ and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result, unauthenticated user can delete arbitrary posts from the blog

CNA Affected

[
  {
    "product": "OSMapper",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.1.5",
        "status": "affected",
        "version": "2.1.5",
        "versionType": "custom"
      }
    ]
  }
]

Related

wpvulndb 1
patchstack 1
wpexploit 1
prion 1
cve 1
nvd 1
wpvulndb
wpvulndb
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
2022-03-01 00:00:00
patchstack
patchstack
WordPress OSMapper plugin <= 2.1.5 - Unauthenticated Arbitrary Post Deletion vulnerability
2022-03-01 00:00:00
wpexploit
wpexploit
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
2022-03-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-03-28 18:15:00
cve
cve
CVE-2021-24978
2022-03-28 18:15:08
nvd
nvd
CVE-2021-24978
2022-03-28 18:15:08

EPSS

0.001

Percentile

39.5%

JSON
Related for CVELIST:CVE-2021-24978
wpvulndb1patchstack1wpexploit1prion1cve1nvd1