Vulnerabilities > CVE-2021-24749 - Unspecified vulnerability in Kazencoders URL Shortify

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

kazencoders

NVD

Published: 2021-11-29

Updated: 2024-11-21

Summary

The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack.

Vulnerable Configurations

Part	Description	Count
Application	Kazencoders Kazencoders URL Shortify *	1

References

https://wpscan.com/vulnerability/4b4e417d-0ae2-4c3c-81e6-4dcf39eb5697
https://wpscan.com/vulnerability/4b4e417d-0ae2-4c3c-81e6-4dcf39eb5697