How severe is CVE-2021-24752?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2021-24752?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2021-24752 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement WordPress plugin before 1.5, Generate Child Theme WordPress plugin before 1.6, Essential Content Types WordPress plugin before 1.9, Catch Web Tools WordPress plugin before 2.7, Catch Under Construction WordPress plugin before 1.4, Catch Themes Demo Import WordPress plugin before 1.6, Catch Sticky Menu WordPress plugin before 1.7, Catch Scroll Progress Bar WordPress plugin before 1.6, Social Gallery and Widget WordPress plugin before 2.3, Catch Infinite Scroll WordPress plugin before 1.9, Catch Import Export WordPress plugin before 1.9, Catch Gallery WordPress plugin before 1.7, Catch Duplicate Switcher WordPress plugin before 1.6, Catch Breadcrumb WordPress plugin before 1.7, Catch IDs WordPress plugin before 2.4's configurations.

Related Vulnerabilities

CVE-2016-3060

MEDIUM

CVSS:5.7(Medium)

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote auth...

CWE-2842016

CVE-2019-11894

MEDIUM

CVSS:5.7(Medium)

A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order ...

CWE-2842019

CVE-2022-3027

MEDIUM

CVSS:5.7(Medium)

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, w...

CWE-2842022

CVE-2023-25150

MEDIUM

CVSS:5.7(Medium)

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permissio...

CWE-2842023

CVE-2024-11358

MEDIUM

CVSS:5.7(Medium)

Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.

CWE-2842024

CVE-2024-20695

MEDIUM

CVSS:5.7(Medium)

Skype for Business Information Disclosure Vulnerability

CWE-2842024