CVE-2021-24380

MEDIUM

Shantz WordPress QOTD < 1.2.2 - Cross-Site Request Forgery in Settings Update


Description

The Shantz WordPress QOTD WordPress plugin through 1.2.2 lacks any CSRF check when updating its settings, allowing attackers to make logged-in administrators change them to arbitrary values.

References (1)

Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/1dd0f9a8-22ab-4ecc-a925-605822739000

Scores

CVSS v3: 4.3
EPSS: 0.0045
EPSS Percentile: 36.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE: CWE-352
Status: published
Products (1): shantz_wordpress_qotd_project/shantz_wordpress_qotd < 1.2.2
Published: Aug 16, 2021
Tracked Since: Feb 18, 2026