CVE-2021-24491
CVE-2021-24491 concerns the WordPress plugin Fileviewer (<= 2.2), where actions like file upload and deletion lack CSRF protection. The root cause is missing CSRF checks, enabling a CSRF attack that could cause a logged-in administrator to delete or upload arbitrary files. The vulnerability is...