Vulnerability Description
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clogica | Wp Login Security And History | <= 1.0 |
Related Weaknesses (CWE)
References
- https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.htmlExploitThird Party Advisory
- https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-
- https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-LExploitThird Party Advisory
- https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4aceExploitThird Party Advisory
- https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.htmlExploitThird Party Advisory
- https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-
- https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-LExploitThird Party Advisory
- https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4aceExploitThird Party Advisory
FAQ
What is CVE-2021-24328?
CVE-2021-24328 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged i...
How severe is CVE-2021-24328?
CVE-2021-24328 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24328?
Check the references section above for vendor advisories and patch information. Affected products include: Clogica Wp Login Security And History.