Unrated severity · NVD Advisory · Published Aug 16, 2021 · Updated Aug 3, 2024
Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS
CVE-2021-24466
Description
The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged-in administrators perform unwanted actions, such as adding, editing or deleting arbitrary verses and changing the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues.
Affected products
- WordPress/Verse-O-Matic
- Range: <=4.1.1
References
- wpscan.com/vulnerability/37c7bdbb-f27f-47d3-9886-69d2e83d7581 (MITRE, x_refsource_MISC)