CVE-2021-24974 — MEDIUM (5.4)

Q: How severe is CVE-2021-24974?

CVE-2021-24974 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24974?

Check the references section above for vendor advisories and patch information. Affected products include: Adtribes Product Feed Pro For Woocommerce.

Vulnerability Description

The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could lead to Stored Cross-Site Scripting issue (which will be triggered in the admin dashboard) due to the lack of escaping.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Adtribes	Product Feed Pro For Woocommerce	< 11.0.7

Related Weaknesses (CWE)

CWE-79

References

https://wpscan.com/vulnerability/8ed549fe-7d27-4a7a-b226-c20252964b29ExploitThird Party Advisory
https://wpscan.com/vulnerability/8ed549fe-7d27-4a7a-b226-c20252964b29ExploitThird Party Advisory

FAQ

What is CVE-2021-24974?

CVE-2021-24974 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could l...

How severe is CVE-2021-24974?

CVE-2021-24974 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24974?

Check the references section above for vendor advisories and patch information. Affected products include: Adtribes Product Feed Pro For Woocommerce.