CVE-2021-24642
MEDIUM
Scroll Baner < 1.0 - Cross-Site Request Forgery in Settings Save
Description
The Scroll Baner WordPress plugin through 1.0 does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them, and could lead to RCE (via a file upload) as well as XSS.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658
Scores
CVSS v3
6.5
EPSS
0.0055
EPSS Percentile
42.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
CWE-79
Status
published
Products (1)
scroll_banner_project/scroll_banner
< 1.0
Published
Oct 18, 2021
Tracked Since
Feb 18, 2026