CVE-2021-25092

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 71.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Link Library Ylefebvre Link Library

Timeline

PublishedFeb 1

Latest updateFeb 2

Description

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5unknown/link_library7.2.8 — 7.2.8

▶NVDylefebvre/link_library< 7.2.8

🔴Vulnerability Details

GHSA

GHSA-79qc-m83g-g4j5: The Link Library WordPress plugin before 7↗2022-02-02

▶

CVEList

Link Library < 7.2.8 - Library Settings Reset via CSRF↗2022-02-01

▶