High severity8.8NVD Advisory· Published Nov 29, 2021· Updated Jun 17, 2026
CVE-2021-42364
CVE-2021-42364
Description
The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Stetic/Steticv5Range: 1.0.6
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/browser/stetic/trunk/stetic.phpnvdThird Party Advisory
- wordfence.com/vulnerability-advisories/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.