Vulnerabilities > CVE-2021-24572 - Unspecified vulnerability in Wpplugin Accept Donations With Paypal

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wpplugin

NVD

Published: 2021-11-01

Updated: 2024-11-21

Summary

The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts

Vulnerable Configurations

Part	Description	Count
Application	Wpplugin Wpplugin Accept Donations With Paypal - Wpplugin Accept Donations With Paypal 1.0 Wpplugin Accept Donations With Paypal 1.1 Wpplugin Accept Donations With Paypal 1.2 Wpplugin Accept Donations With Paypal 1.2.1 Wpplugin Accept Donations With Paypal 1.2.2 Wpplugin Accept Donations With Paypal 1.2.3 Wpplugin Accept Donations With Paypal 1.2.4 Wpplugin Accept Donations With Paypal 1.2.5 Wpplugin Accept Donations With Paypal 1.2.6 Wpplugin Accept Donations With Paypal 1.2.7 Wpplugin Accept Donations With Paypal 1.2.8 Wpplugin Accept Donations With Paypal 1.2.9 Wpplugin Accept Donations With Paypal 1.3	14

Summary

Vulnerable Configurations

References