High severity8.8NVD Advisory· Published Feb 28, 2022· Updated Jun 17, 2026
CVE-2021-24803
CVE-2021-24803
Description
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account and takeover the website via CSRF attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Core Tweaks WP Setup plugindescription
- Range: <=4.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/97adac02-4163-48d4-ba14-0b1badfd3d42nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.