CVE-2021-24823

Published: Feb 28, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files

Vendor	Product	Versions
Unknown	Support Board	affected `3.3.6 - < 3.3.6`

Weaknesses (CWE)

CWE-352

References

https://wpscan.com/vulnerability/1bdebd9e-a7f2-4f55-b5b0-185eb619ebaf

x_refsource_MISC

https://noob3xploiter.medium.com/support-board-3-3-4-arbitrary-file-deletion-to-remote-code-execution-da4c45b45c83

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-24823

Description

Affected Products

Weaknesses (CWE)

References