Lucene search

[email protected]NVD:CVE-2021-4427

HistoryJul 12, 2023 - 8:15 a.m.

CVE-2021-4427

2023-07-1208:15:09

[email protected]

web.nvd.nist.gov

vuukle

wordpress

csrf

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This makes it possible for unauthenticated attackers to edit the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected configurations

Nvd

Node

vuuklevuukle_comments\,_reactions\,_share_bar\,_revenueRange≤3.4.31wordpress

VendorProductVersionCPE
vuuklevuukle_comments\,_reactions\,_share_bar\,_revenue*cpe:2.3:a:vuukle:vuukle_comments\,_reactions\,_share_bar\,_revenue:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
vuukle	vuukle_comments\,_reactions\,_share_bar\,_revenue	*	cpe:2.3:a:vuukle:vuukle_comments\,_reactions\,_share_bar\,_revenue::::::wordpress::*

References

blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/

blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/

blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/

blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/

blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/

blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/

blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2553337%40free-comments-for-wordpress-vuukle&new=2553337%40free-comments-for-wordpress-vuukle&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/ff28f33f-85d1-4987-975b-ee3bbcb394f4?source=cve

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

48.7%

JSON

Related for NVD:CVE-2021-4427

cvelist1 prion1 vulnrichment1 cve1