CVE-2021-24823

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
schioccosupport_board
𝑥
< 3.3.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://noob3xploiter.medium.com/support-board-3-3-4-arbitrary-file-deletion-to-remote-code-execution-da4c45b45c83
https://wpscan.com/vulnerability/1bdebd9e-a7f2-4f55-b5b0-185eb619ebaf
https://noob3xploiter.medium.com/support-board-3-3-4-arbitrary-file-deletion-to-remote-code-execution-da4c45b45c83
https://wpscan.com/vulnerability/1bdebd9e-a7f2-4f55-b5b0-185eb619ebaf