Medium severity4.3NVD Advisory· Published Feb 28, 2022· Updated Jun 17, 2026
CVE-2021-24688
CVE-2021-24688
Description
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the or_delete_filed one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts.The AJAX calls performing actions on posts also do not ensure that the post belong to them (or that they are allowed to perform such action on it)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Orange Form plugindescription
- Range: <=1.0.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/78bc7cf1-7563-4ada-aec9-af4c943e3e2cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.