CVE-2021-24989

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 71.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Accept Donations With PaypalWpplugin Accept Donations With Paypal
Timeline
PublishedJan 24
Latest updateJan 25

Description

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5unknown/accept_donations_with_paypal1.3.41.3.4

🔴Vulnerability Details

2
GHSA
GHSA-vpr8-rx78-hh89: The Accept Donations with PayPal WordPress plugin before 12022-01-25
CVEList
Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF2022-01-24
CVE-2021-24989 (MEDIUM CVSS 6.5) | The Accept Donations with PayPal Wo | cvebase.io