Vulnerability Description
The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons, which are stored internally as posts. The deletion of a button is not CSRF protected, and there is no check that the post being deleted is actually a button post. As a result, an attacker could make logged-in admins delete arbitrary posts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpplugin | Accept Donations With Paypal | < 1.3.1 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24572?
CVE-2021-24572 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and t...
How severe is CVE-2021-24572?
CVE-2021-24572 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24572?
Check the references section above for vendor advisories and patch information. Affected products include: Wpplugin Accept Donations With Paypal.