CVE Vulnerability

CVE-2021-24636

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link

5.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:print_my_blog_project:print_my_blog:*:*:*:*:*:wordpress:*:*
Information

Published : 2021-09-20 10:15

Updated : 2021-10-01 06:05

NVD link : CVE-2021-24636

Mitre link : CVE-2021-24636

Products Affected
No products.
CWE
CWE-352