Vulnerabilities > Patreon > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-12 | CVE-2021-24231 | Cross-Site Request Forgery (CSRF) vulnerability in Patreon WordPress: The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in administrator disconnect the site from Patreon by visiting a specially crafted link. | 4.3 |
2021-04-12 | CVE-2021-24230 | Cross-Site Request Forgery (CSRF) vulnerability in Patreon WordPress: The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in user overwrite or create arbitrary user metadata on the victim’s account once visited. | 5.8 |
2021-04-12 | CVE-2021-24229 | Cross-site Scripting vulnerability in Patreon WordPress: The Jetpack Scan team identified a Reflected Cross-Site Scripting vulnerability via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. | 6.8 |
2021-04-12 | CVE-2021-24228 | Cross-site Scripting vulnerability in Patreon WordPress: The Jetpack Scan team identified a Reflected Cross-Site Scripting vulnerability in the Login Form of the Patreon WordPress plugin before 1.7.2. | 6.8 |
2021-04-12 | CVE-2021-24227 | Information Exposure vulnerability in Patreon WordPress: The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. | 5.0 |