CVE-2021-24870

MEDIUM Year: 2021
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload

Related Vulnerabilities

CVE-2016-10865

MEDIUM
CVSS:6.1(Medium)

The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.

CWE-3522016

CVE-2016-11084

MEDIUM
CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.

CWE-3522016

CVE-2016-6158

MEDIUM
CVSS:6.1(Medium)

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators...

CWE-3522016

CVE-2016-6642

MEDIUM
CVSS:6.1(Medium)

Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.

CWE-3522016

CVE-2018-0444

MEDIUM
CVSS:6.1(Medium)

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the i...

CWE-3522018

CVE-2018-1432

MEDIUM
CVSS:6.1(Medium)

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML...

CWE-3522018