Lucene search
Francesco CarlucciWPVDB-ID:7CD524ED-5EB9-4D6B-B4D2-3D4BE6B57879HistoryNov 15, 2021 - 12:00 a.m.
WP Limits <= 1.0 - Plugin's Settings Update via CSRF
2021-11-1500:00:00
Francesco Carlucci
wpscan.com
8
0.001 Low
EPSS
Percentile
26.0%
The plugin does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values
PoC
Related
cve
cve
CVE-2021-24818
2021-12-13 11:15:08
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2021-12-13 11:15:00
cvelist
cvelist
CVE-2021-24818 WP Limits <= 1.0 - Plugin's Settings Update via CSRF
2021-12-13 10:41:00
cnvd
cnvd
WordPress WP Limits plugin cross-site request forgery vulnerability
2021-12-18 00:00:00
nvd
nvd
CVE-2021-24818
2021-12-13 11:15:08
wpexploit
wpexploit
WP Limits <= 1.0 - Plugin's Settings Update via CSRF
2021-11-15 00:00:00