Descrição
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2021-24230
Tags
Nâo informado
Data de publicação
12/04/2021
Última atualização
24/02/2022
Pontuação em CVSS 3.0
8.1
Alto