CVE-2021-24626

HIGH

Chameleon CSS < 1.2 - Authenticated Cross-Site Request Forgery and SQL Injection via AJAX Calls

Title source: llm

Description

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to SQL injection.
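As an added illustration (not the plugin's own code, and not a fix from the vendor), the following is a hypothetical WordPress AJAX handler hardened with the three controls the description says were missing: a nonce check against CSRF, a capability check so that a subscriber cannot invoke it, and a prepared statement so the css_id value can never alter the SQL. The action name, nonce name, table name and function names are assumptions for illustration.

```php
<?php
// Added illustrative example, not the Chameleon CSS plugin's own code.
// Hypothetical hardened handler for a "remove css" AJAX action. The hook name,
// nonce action, table name and function name are all assumed for illustration.

add_action( 'wp_ajax_example_remove_css', 'example_remove_css_handler' );

function example_remove_css_handler() {
    global $wpdb;

    // 1. CSRF protection: verify the nonce that the admin page embedded in the
    //    request. check_ajax_referer() ends the request with -1 if it is invalid,
    //    so a forged cross-site request never reaches the logic below.
    check_ajax_referer( 'example_remove_css_nonce', 'security' );

    // 2. Authorisation: the wp_ajax_ hook only guarantees the caller is logged in.
    //    Require a capability that a subscriber does not hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // 3. Input validation: the identifier must be a positive integer; anything
    //    else (including SQL fragments) collapses to 0 and is rejected.
    $css_id = isset( $_POST['css_id'] ) ? absint( $_POST['css_id'] ) : 0;
    if ( 0 === $css_id ) {
        wp_send_json_error( array( 'message' => 'invalid css_id' ), 400 );
    }

    // 4. SQL: bind the value with $wpdb->prepare() rather than concatenating it
    //    into the statement. %d forces an integer placeholder.
    $table   = $wpdb->prefix . 'example_css'; // assumed table name
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE id = %d", $css_id )
    );

    if ( false === $deleted ) {
        wp_send_json_error( array( 'message' => 'database error' ), 500 );
    }

    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}

// The admin page that issues the request must embed the matching nonce so the
// legitimate client can pass step 1, for example when enqueuing its script:
//
// wp_localize_script( 'example-admin', 'exampleAjax', array(
//     'nonce' => wp_create_nonce( 'example_remove_css_nonce' ),
// ) );
```

The order matters: the nonce and capability checks run before any request data is touched, so even a request that carries a well-formed css_id from a low-privileged account is refused, and the prepared statement is defence in depth for the case where the earlier checks are ever relaxed.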

References (2)

- Exploit, Third Party Advisory (x_refsource_misc): https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165
- Exploit, Third Party Advisory (x_refsource_misc): https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/

Scores

CVSS v3 8.8
EPSS 0.0071
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-352 CWE-89
Status published
Products (1)
chameleon_css_project/chameleon_css < 1.2
Published Nov 08, 2021
Tracked Since Feb 18, 2026