CVE-2021-24922
Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Pixel Cat WordPress plugin before 2.6.2 does not have a CSRF check when saving its settings, and did not sanitise or escape some of them, which could allow an attacker to make a logged-in admin change them and perform Cross-Site Scripting attacks.
The Pixel Cat WordPress plugin in versions before 2.6.2 does not perform a CSRF check when saving its settings, and does not sanitise or escape some of them, which could allow an attacker to make a logged-in administrator change them and perform Cross-Site Scripting attacks.
The Pixel Cat – Conversion Pixel Manager WordPress plugin before 2.6.2 does not have a CSRF check when saving its settings, and did not sanitise or escape some of them, which could allow an attacker to make a logged-in admin change them and perform Cross-Site Scripting attacks.
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-11-15 CVE Published
- 2023-07-06 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/399ffd65-f3c0-4fbe-a83a-2a620976aad2 | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fatcatapps | Pixel Cat | < 2.6.2 | wordpress | Affected |