Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.6 views

CVE-2021-24752

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...

5.7CVSS6.5AI score0.00408EPSS
Exploits2References1
NVD
NVD
added 2021/10/18 2:15 p.m.51 views

CVE-2021-24752

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...

5.7CVSS0.00408EPSS
Exploits2References1
CVE
CVE
added 2021/10/18 1:46 p.m.75 views

CVE-2021-24752

CVE-2021-24752 affects multiple CatchThemes plugins that fail capability and CSRF checks in the ctp_switch AJAX action. This allows any authenticated user (e.g., Subscriber) to alter plugin settings for: Essential Widgets (≤1.9), To Top (≤2.3), Header Enhancement (≤1.5), Generate Child Theme (≤1....

5.7CVSS5.3AI score0.00408EPSS
Exploits2References1Affected Software10
Cvelist
Cvelist
added 2021/10/18 1:46 p.m.56 views

CVE-2021-24752 Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...

5.8AI score0.00408EPSS
Exploits2References1
Rows per page
Query Builder