CVE-2021-24231
Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
El equipo de Jetpack Scan identificó una vulnerabilidad de tipo Cross-Site Request Forgery en el plugin Patreon de WordPress versiones anteriores a 1.7.0, permitiendo a un atacante hacer que un administrador registrado desconecte el sitio de Patreon al visitar un enlace especialmente diseñado
*Credits:
George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-14 CVE Reserved
- 2021-03-26 CVE Published
- 2023-11-17 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Patreon Search vendor "Patreon" | Patreon Wordpress Search vendor "Patreon" for product "Patreon Wordpress" | < 1.7.0 Search vendor "Patreon" for product "Patreon Wordpress" and version " < 1.7.0" | wordpress |
Affected
| ||||||