Lucene search
PRIOn knowledge basePRION:CVE-2021-24843HistoryFeb 07, 2022 - 4:15 p.m.
Design/Logic Flaw
2022-02-0716:15:00
PRIOn knowledge base
www.prio-n.com
1
0.001 Low
EPSS
Percentile
26.5%
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.
| CPE | Name | Operator | Version |
|---|---|---|---|
| supportcandy | lt | 2.2.7 |
Related
cvelist
cvelist
CVE-2021-24843 SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
2022-02-07 15:47:10
cve
cve
CVE-2021-24843
2022-02-07 16:15:42
nvd
nvd
CVE-2021-24843
2022-02-07 16:15:42
wpvulndb
wpvulndb
SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
2022-01-05 00:00:00
wpexploit
wpexploit
SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
2022-01-05 00:00:00
patchstack
patchstack