Severity
6.5 MEDIUM
EPSS
0.1%
top 74.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 12
Latest update: May 24

Description

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in administrator disconnect the site from Patreon by visiting a specially crafted link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | unknown/patreon_wordpress | 1.7.0 | 1.7.0

🔴 Vulnerability Details (2)
GHSA
GHSA-hhg9-2j57-c5cj: The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1 | 2022-05-24
CVEList
Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon | 2021-04-12
CVE-2021-24231 (MEDIUM CVSS 6.5) | The Jetpack Scan team identified a | cvebase.io