QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24572

Published: Nov 1, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts

Vendor	Product	Versions
Unknown	Accept Donations with PayPal	affected `1.3.1 - < 1.3.1`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.