CVE-2021-24446

The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpchill:remove_footer_credit:*:*:*:*:*:wordpress:*:*

History

19 Feb 2022, 04:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.0
v3 : 5.4
References (MISC) https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f - (MISC) https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f - Exploit, Third Party Advisory
CPE cpe:2.3:a:wpchill:remove_footer_credit:*:*:*:*:*:wordpress:*:*

14 Feb 2022, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-14 12:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-24446

Mitre link : CVE-2021-24446

CVE.ORG link : CVE-2021-24446


JSON object : View

Products Affected

wpchill

  • remove_footer_credit
CWE
CWE-352

Cross-Site Request Forgery (CSRF)