Vulnerabilities > Patreon > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-12 CVE-2021-24231 Cross-Site Request Forgery (CSRF) vulnerability in Patreon WordPress
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in administrator disconnect the site from Patreon by visiting a specially crafted link.
network
patreon CWE-352
4.3
2021-04-12 CVE-2021-24230 Cross-Site Request Forgery (CSRF) vulnerability in Patreon WordPress
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in user overwrite or create arbitrary user metadata on the victim’s account once visited.
network
patreon CWE-352
5.8
2021-04-12 CVE-2021-24229 Cross-site Scripting vulnerability in Patreon WordPress
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2.
network
patreon CWE-79
6.8
2021-04-12 CVE-2021-24228 Cross-site Scripting vulnerability in Patreon WordPress
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2.
network
patreon CWE-79
6.8
2021-04-12 CVE-2021-24227 Information Exposure vulnerability in Patreon WordPress
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site.
network
low complexity
patreon CWE-200
5.0