CVE-2021-24767

EUVD-2021-11679
The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
wpvibesredirect_404_error_page_to_homepage_or_custom_page_with_logs
𝑥
< 1.7.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962
https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962