CVE-2021-24572
Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts
El plugin Accept Donations with PayPal de WordPress versiones anteriores a 1.3.1, proporciona una función para crear botones de donación que se almacenan internamente como entradas. La eliminación de un botón no está protegida por CSRF y no presenta ningún control para comprobar si la entrada eliminada era una entrada de botón. Como resultado, un atacante podría hacer que los administradores registrados eliminen publicaciones arbitrarias
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-10-04 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wpplugin Search vendor "Wpplugin" | Accept Donations With Paypal Search vendor "Wpplugin" for product "Accept Donations With Paypal" | < 1.3.1 Search vendor "Wpplugin" for product "Accept Donations With Paypal" and version " < 1.3.1" | wordpress |
Affected
| ||||||