CVE-2021-20846

November 27, 2021

Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.

Summary:

Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.

Reference Links(if available):

  • https://jvn.jp/en/jp/JVN85492429/index.html
  • https://wordpress.org/plugins/push-notifications-for-wp/
  • https://delitestudio.com/en/

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image 1

    Abyss Ransomware Victim: rangam[.]com

    April 23, 2024
    HIBP Banner 1

    T2 – 85,894 breached accounts

    April 23, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 23, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    April 23, 2024
    CISA Logo

    CISA: Joint Guidance on Deploying AI Systems Securely

    April 23, 2024