CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24802 – Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF
https://notcve.org/view.php?id=CVE-2021-24802
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack El plugin Colorful Categories de WordPress versiones anteriores a 2.0.15, no aplica la comprobación de nonce, que podría permitir a atacantes hacer que un administrador o editor conectado cambie los colores de la taxonomía por medio de un ataque de tipo CSRF The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack. • https://wpscan.com/vulnerability/d92db61f-341c-4f3f-b962-326194ddbd1e • CWE-352: Cross-Site Request Forgery (CSRF) •