CVE-2021-24767

MEDIUM

Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Cross-Site Request Forgery via Log Deletion

Title source: llm
STIX 2.1

Description

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962

Scores

CVSS v3 6.5
EPSS 0.0053
EPSS Percentile 41.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
wpvibes/redirect_404_error_page_to_homepage_or_custom_page_with_logs < 1.7.9
Published Nov 08, 2021
Tracked Since Feb 18, 2026