CVE-2021-24642

MEDIUM

Scroll Baner <= 1.0 - Cross-Site Request Forgery in Settings Save

Title source: llm

Description

The Scroll Baner WordPress plugin through 1.0 has no CSRF check in place when saving its settings, and performs no sanitisation, escaping or validation on the submitted values. An attacker could therefore make a logged-in administrator change the settings via a forged request; since the values are stored unsanitised, this could lead to RCE (via a file upload) as well as XSS.
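The bug class above, as an added illustration that is not the Scroll Baner plugin's code: a WordPress settings-save handler with neither a nonce check nor sanitisation, beside a hardened handler that adds a capability check, a nonce check, per-field sanitisation, type-checked file handling and output escaping. Every name in it (the `scrollbaner_save` action, the `sb_*` option keys and field names, the settings page slug) is a hypothetical stand-in chosen for the example; the real plugin's option names are not given on this page.

```php
<?php
/**
 * Added example for the CVE-2021-24642 bug class (CSRF + unsanitised settings).
 * Not the Scroll Baner plugin's code: action name, option keys and field
 * names are hypothetical stand-ins.
 */

// --- Vulnerable pattern: any page that gets an administrator's browser to
// POST to admin-post.php?action=scrollbaner_save (a hidden auto-submitting
// form is enough) writes attacker-chosen values straight into wp_options.
// Nothing is validated, so stored HTML becomes stored XSS wherever the
// option is echoed, and an unchecked upload path is how such bugs become RCE.
function vuln_scrollbaner_save() {
    update_option( 'sb_text',  $_POST['sb_text'] );   // raw HTML accepted
    update_option( 'sb_image', $_POST['sb_image'] );  // arbitrary URL/path
    update_option( 'sb_speed', $_POST['sb_speed'] );  // should be an integer
    wp_safe_redirect( admin_url( 'options-general.php?page=scrollbaner' ) );
    exit;
}
// add_action( 'admin_post_scrollbaner_save', 'vuln_scrollbaner_save' );

// --- Hardened pattern. The settings form must emit
//     wp_nonce_field( 'sb_save', 'sb_nonce' ) so the nonce check can pass.
function safe_scrollbaner_save() {
    // 1. Capability: only users who may manage options get this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: a cross-site form cannot carry a valid, user-bound nonce.
    //    check_admin_referer() calls wp_die() if verification fails.
    check_admin_referer( 'sb_save', 'sb_nonce' );

    // 3. Validate and sanitise each field for the type it is expected to hold.
    $text  = sanitize_text_field( wp_unslash( $_POST['sb_text'] ?? '' ) );
    $image = esc_url_raw( wp_unslash( $_POST['sb_image'] ?? '' ) );
    $speed = absint( $_POST['sb_speed'] ?? 0 );
    if ( $speed < 1 || $speed > 100 ) {
        $speed = 10; // fall back to a sane default rather than storing junk
    }

    // 4. If the form offers a file field (assumed here), route it through
    //    wp_handle_upload(), which rejects extensions/MIME types WordPress
    //    does not allow instead of writing arbitrary files under wp-content.
    if ( ! empty( $_FILES['sb_upload']['name'] ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
        $upload = wp_handle_upload( $_FILES['sb_upload'], array( 'test_form' => false ) );
        if ( isset( $upload['error'] ) ) {
            wp_die( esc_html( $upload['error'] ) );
        }
        $image = esc_url_raw( $upload['url'] );
    }

    update_option( 'sb_text',  $text );
    update_option( 'sb_image', $image );
    update_option( 'sb_speed', $speed );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=scrollbaner' ) ) );
    exit;
}
add_action( 'admin_post_scrollbaner_save', 'safe_scrollbaner_save' );

// 5. Escape on output too; sanitising on save does not replace it.
function render_scrollbaner_text_field() {
    printf(
        '<input type="text" name="sb_text" value="%s">',
        esc_attr( get_option( 'sb_text', '' ) )
    );
}
```

The order matters: the capability check and nonce check run before any input is read, so a forged request from a logged-in administrator is rejected before it can touch the options table. Using the Settings API (`register_setting()` with a `sanitize_callback`, and `settings_fields()` in the form, which emits the nonce) gives the same guarantees with less hand-written code.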

References (1)

Core References
Exploit, Third Party Advisory (x_refsource_misc)
https://wpscan.com/vulnerability/8d9129ab-33c3-44ee-b150-f7552d88e658

Scores

CVSS v3 6.5
EPSS 0.0055
EPSS Percentile 42.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352 CWE-79
Status published
Products (1)
scroll_banner_project/scroll_banner <= 1.0
Published Oct 18, 2021
Tracked Since Feb 18, 2026