CVE-2021-24635 - CERT CVE
ID CVE-2021-24635
Sažetak The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL
Reference
CVSS
Base: 5.5
Impact: 4.9
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:N/AC:L/Au:S/C:P/I:P/A:N
Zadnje važnije ažuriranje 25-10-2022 - 19:01
Objavljeno 20-09-2021 - 10:15