cve/2021/CVE-2021-24766.md

2024-05-25 21:48:12 +02:00
### [CVE-2021-24766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24766)
![](https://img.shields.io/static/v1?label=Product&message=404%20to%20301%20%E2%80%93%20Redirect%2C%20Log%20and%20Notify%20404%20Errors&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.0.9&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brightgreen)
### Description
The 404 to 301 Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have a CSRF check in place when cleaning the logs. An attacker who lures a logged-in administrator onto a malicious page can therefore make the admin's browser issue the log-clearing request and delete all logged 404 entries via a CSRF attack. The capability check that normally gates the admin page does not help here, because the forged request carries the admin's own session cookie.
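The pattern behind this class of bug, as an added illustration that is not code from the 404 to 301 plugin or from the WPScan advisory: a WordPress admin action that truncates a log table with only a capability check, next to the same action protected by a nonce. All function, hook, table and parameter names below (`example_*`) are hypothetical placeholders; the plugin's real handler is not on this page.

```php
<?php
// Added example, not the plugin's own code. Hook, action, option and table
// names are hypothetical placeholders chosen for illustration.

// Vulnerable pattern: the handler accepts any request that arrives with the
// admin's session cookie. A cross-site <form> or <img> that the admin loads
// is enough to trigger it, because current_user_can() only proves *who* is
// logged in, not that they intended this particular request.
function example_clear_logs_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    global $wpdb;
    $wpdb->query( "TRUNCATE TABLE {$wpdb->prefix}example_404_log" );
    wp_safe_redirect( admin_url( 'admin.php?page=example-logs' ) );
    exit;
}

// Hardened pattern, step 1: render the button with a nonce bound to this
// action. wp_nonce_field() emits a hidden input and a referer field.
function example_render_clear_button() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_clear_logs">
        <?php wp_nonce_field( 'example_clear_logs', 'example_clear_logs_nonce' ); ?>
        <?php submit_button( 'Clear 404 logs', 'delete' ); ?>
    </form>
    <?php
}

// Hardened pattern, step 2: verify the nonce before doing anything
// destructive. check_admin_referer() wraps wp_verify_nonce() and calls
// wp_die() when the token is missing, stale, or tied to a different user,
// so a page on another origin cannot forge the request (it cannot read the
// nonce value out of the admin's session).
function example_clear_logs_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'example_clear_logs', 'example_clear_logs_nonce' );

    global $wpdb;
    $wpdb->query( "TRUNCATE TABLE {$wpdb->prefix}example_404_log" );
    wp_safe_redirect( admin_url( 'admin.php?page=example-logs' ) );
    exit;
}

// admin-post.php routes POSTs with action=example_clear_logs to this hook.
add_action( 'admin_post_example_clear_logs', 'example_clear_logs_hardened' );
```

Two caveats worth keeping in mind when reviewing a fix like this. First, the nonce complements the capability check rather than replacing it; both are needed. Second, if the clear action is triggered by a link rather than a form, the same protection applies with `wp_nonce_url()` on the link and `check_admin_referer()` in the handler. WordPress nonces are bound to the user and session and expire after a bounded window, so a token observed in one admin's page cannot be replayed against another.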
### POC
#### Reference
- https://wpscan.com/vulnerability/cc13db1e-5f7f-49b2-81da-f913cfe70543
#### Github
No PoCs found on GitHub currently.