CVE-2021-24272

Sažetak

The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue

Reference

https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f
http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-12-2021 - 19:59

Objavljeno

05-05-2021 - 19:15