CVE-2021-24989

MEDIUM

WordPress PayPal Plugin <1.3.4 - CSRF

Title source: llm

Description

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have a CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged-in admin delete arbitrary posts from the blog.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/82c2ead1-1d3c-442a-ae68-359a4748447f

Scores

CVSS v3 6.5
EPSS 0.0054
EPSS Percentile 41.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
wpplugin/accept_donations_with_paypal < 1.3.4
Published Jan 24, 2022
Tracked Since Feb 18, 2026