WordfenceCVELIST:CVE-2021-38342CVE-2021-38342 Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit admin_post actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.
CNA Affected
[
{
"product": "Nested Pages",
"vendor": "Kyle Phillips",
"versions": [
{
"lessThanOrEqual": "3.1.15",
"status": "affected",
"version": "3.1.15",
"versionType": "custom"
}
]
}
]Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.6%