Lucene search
PRIOn knowledge basePRION:CVE-2021-24704HistoryFeb 28, 2022 - 9:15 a.m.
Cross site request forgery (csrf)
2022-02-2809:15:00
PRIOn knowledge base
www.prio-n.com
7
In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example
| CPE | Name | Operator | Version |
|---|---|---|---|
| orange-form | le | 1.0 |
Related
patchstack
patchstack
nvd
nvd
CVE-2021-24704
2022-02-28 09:15:07
wpvulndb
wpvulndb
Orange Form <= 1.0 - SQL Injection via CSRF
2021-12-29 00:00:00
wpexploit
wpexploit
Orange Form <= 1.0 - SQL Injection via CSRF
2021-12-29 00:00:00
cnvd
cnvd
WordPress Orange Form Plugin SQL Injection Vulnerability
2022-03-02 00:00:00
cve
cve
CVE-2021-24704
2022-02-28 09:15:07
cvelist
cvelist
CVE-2021-24704 Orange Form <= 1.0 - SQL Injection via CSRF
2022-02-28 09:06:06