VYPR

Core Tweaks WP Setup

by WordPress

CVEs (1)

  • CVE-2021-24803HigFeb 28, 2022
    risk 0.57cvss 8.8epss 0.01

    The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create…