QwikSec

Security Database

CVE

CWE

Training

CVE-2021-20846

Published: Nov 24, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.

Vendor	Product	Versions
Delite Studio	Push Notifications for WordPress (Lite)	affected `versions prior to 6.0.1`

References

https://delitestudio.com/en/

x_refsource_MISC

https://wordpress.org/plugins/push-notifications-for-wp/

x_refsource_MISC

https://jvn.jp/en/jp/JVN85492429/index.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.