CVE-2021-4418 in Custom CSS, JS & PHP Plugininfo

Zusammenfassung

von MITRE • 25.10.2023

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

Wordfence

Reservieren

11.07.2023

Veröffentlichung

25.10.2023

Moderieren

akzeptiert

Eintrag

VDB-243041

CPE

bereit

EPSS

0.00397

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!