The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
References
Link | Resource |
---|---|
https://jetpack.com/2021/03/26/vulnerabilities-found-in-patreon-wordpress-plugin/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/f8ab6855-a319-47ac-82fb-58b181e77500 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-04-12T14:06:31
Updated: 2021-04-12T14:06:31
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24231
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-12T14:15:16.240
Modified: 2021-05-04T15:01:29.303
Link: CVE-2021-24231
JSON object: View
Redhat Information
No data.
CWE