CVE-2021-24626
Severity: HIGH
Chameleon CSS < 1.2 - Authenticated Cross-Site Request Forgery and SQL Injection via AJAX Calls
Title source: llmDescription
The Chameleon CSS WordPress plugin through 1.2 does not perform CSRF (nonce) or capability checks in any of its AJAX calls, allowing any authenticated user, such as a subscriber, to call them and perform unauthorised actions. One of the AJAX calls, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection.
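The two defects described above (AJAX handlers reachable by any logged-in user with no nonce or capability check, and a POST parameter interpolated into SQL) map onto three WordPress core controls: check_ajax_referer(), current_user_can() and $wpdb->prepare(). The block below is an added illustration of that pattern, not the Chameleon CSS plugin's own code; the table name, nonce action name, script handle and capability are assumptions chosen for the example. The vulnerable function is a hypothetical reconstruction of the class of bug the advisory describes and is deliberately not hooked to wp_ajax_*.

```php
<?php
// Added example, not code from the Chameleon CSS plugin.
// Assumed names: table {$wpdb->prefix}chameleon_css, nonce action
// 'example_remove_css', script handle 'example-admin-js', capability
// 'manage_options'.

// Vulnerable pattern (hypothetical reconstruction of the described bug class).
// Any authenticated user can reach a wp_ajax_* hook, so without a nonce check
// a forged request from another site works (CSRF); without a capability check
// a subscriber may act (authz); and css_id goes straight into SQL (SQLi).
// Not registered here on purpose.
function example_remove_css_vulnerable() {
    global $wpdb;
    $css_id = $_POST['css_id']; // untrusted, unsanitised
    $wpdb->query( "DELETE FROM {$wpdb->prefix}chameleon_css WHERE id = $css_id" );
    wp_send_json_success();
}

// Hardened pattern.
// 1. The admin page that issues the AJAX call embeds a nonce bound to this
//    action; the JavaScript sends it as the 'nonce' POST field.
function example_enqueue_nonce() {
    // Assumes a script with handle 'example-admin-js' is already enqueued.
    wp_localize_script( 'example-admin-js', 'exampleCss', array(
        'nonce' => wp_create_nonce( 'example_remove_css' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_nonce' );

// 2. The handler verifies the nonce (CSRF), requires a capability (authz)
//    and binds css_id as an integer through $wpdb->prepare (SQLi).
add_action( 'wp_ajax_remove_css', 'example_remove_css_hardened' );
function example_remove_css_hardened() {
    global $wpdb;

    // Terminates the request with HTTP 403 if the 'nonce' field is missing,
    // stale or for a different action.
    check_ajax_referer( 'example_remove_css', 'nonce' );

    // Being logged in is not authorisation: a subscriber reaches this hook
    // too, so require the capability that managing site CSS actually needs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Coerce to a non-negative integer before it goes anywhere near SQL.
    $css_id = isset( $_POST['css_id'] ) ? absint( $_POST['css_id'] ) : 0;
    if ( 0 === $css_id ) {
        wp_send_json_error( 'invalid css_id', 400 );
    }

    // %d forces an integer placeholder; the value can no longer alter the
    // statement's structure.
    $table   = $wpdb->prefix . 'chameleon_css';
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE id = %d", $css_id )
    );
    if ( false === $deleted ) {
        wp_send_json_error( 'database error', 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
```

When reviewing a plugin for this bug class, grep every add_action( 'wp_ajax_…' ) callback for the absence of check_ajax_referer()/wp_verify_nonce() and current_user_can(), and for $wpdb->query()/$wpdb->get_results() calls whose SQL string is built by interpolation rather than $wpdb->prepare(). Note that wp_ajax_nopriv_* hooks expose the same handler to unauthenticated visitors, so the same checks apply there.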
References (2)
Exploit, Third Party Advisory: https://wpscan.com/vulnerability/06cb6c14-99b8-45b6-be2e-f4dcca8a4165
Exploit, Third Party Advisory: https://codevigilant.com/disclosure/2021/wp-plugin-chameleon-css/
Scores
CVSS v3: 8.8 (HIGH)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0071 (percentile 49.1%)
Details
CWE: CWE-352 (Cross-Site Request Forgery), CWE-89 (SQL Injection)
Status: published
Products (1): chameleon_css_project/chameleon_css < 1.2
Published: Nov 08, 2021
Tracked Since: Feb 18, 2026