CVE-2021-4403

{"id": "CVE-2021-4403", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-07-01T06:15:10.210", "references": [{"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", "tags": ["Not Applicable"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", "tags": ["Not Applicable"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", "tags": ["Not Applicable"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", "tags": ["Not Applicable"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", "tags": ["Not Applicable"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", "tags": ["Not Applicable"], "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548575%40remove-schema&new=2548575%40remove-schema&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89635463-966d-4f7d-995d-ad83a502d95b?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548575%40remove-schema&new=2548575%40remove-schema&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/89635463-966d-4f7d-995d-ad83a502d95b?source=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Remove Schema para WordPress es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF) en versiones hasta la 1.5 inclusive. Esto es debido a la falta o incorrecta validaci\u00f3n nonce en la funci\u00f3n \"validate()\". Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n del plugin a trav\u00e9s de una solicitud manipulada concedida y puedan enga\u00f1ar a un administrador del sitio para realizar una acci\u00f3n como hacer clic en un enlace. "}], "lastModified": "2024-11-21T06:37:37.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:websitescanner:remove_schema:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7E90D771-1066-4961-8778-E0EBD3C5B40C", "versionEndIncluding": "1.5"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}