CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20781 – Meta Data Filter & Taxonomies Filter <= 1.2.7.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2021-20781
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en WordPress Meta Data Filter & Taxonomies Filter versiones anteriores a v.1.2.8 y versiones anteriores a v.2.2.8, permite a atacantes remotos secuestrar la autenticación de los administradores por medio de vectores no especificados The Meta Data Filter & Taxonomies Filter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions versions prior to v.2.2.8. This is due to missing or incorrect nonce validation on the draw_settings_page() function. This makes it possible for unauthenticated attackers to inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://jvn.jp/en/jp/JVN48413554/index.html https://wp-filter.com https://wp-filter.com/update-v-2-2-8-v-1-2-8 • CWE-352: Cross-Site Request Forgery (CSRF) •