CVE-2021-24767
MEDIUMRedirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Cross-Site Request Forgery via Log Deletion
Title source: llmDescription
The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962
Scores
CVSS v3
6.5
EPSS
0.0053
EPSS Percentile
41.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
wpvibes/redirect_404_error_page_to_homepage_or_custom_page_with_logs
< 1.7.9
Published
Nov 08, 2021
Tracked Since
Feb 18, 2026