Vulnerabilities > CVE-2021-24795 - Unspecified vulnerability in Phoeniixx Filter Portfolio Gallery 1.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

phoeniixx

NVD

Published: 2021-12-13

Updated: 2024-11-21

Summary

The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery.

Vulnerable Configurations

Part	Description	Count
Application	Phoeniixx Phoeniixx Filter Portfolio Gallery - Phoeniixx Filter Portfolio Gallery 1.5	2

References

https://wpscan.com/vulnerability/ef3c1d4f-53a4-439e-9434-b3b4adb687a4
https://wpscan.com/vulnerability/ef3c1d4f-53a4-439e-9434-b3b4adb687a4