CVE Vulnerability

CVE-2021-24446

The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation

6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:wpchill:remove_footer_credit:*:*:*:*:*:wordpress:*:*
Information

Published : 2022-02-14 12:15

Updated : 2022-02-19 04:36

NVD link : CVE-2021-24446

Mitre link : CVE-2021-24446

Products Affected
No products.
CWE
CWE-352