CVE-2021-4385

Summary

CVE-2021-4385 is a Cross-Site Request Forgery (CSRF) vulnerability affecting WP Private Content Plus plugin versions up to 3.1 for WordPress. This issue arises due to faulty nonce validation in the save_groups() function, which makes it possible for unauthenticated attackers to add new group members by tricking a site administrator into executing a malicious request through a forged link. This weakness can lead to unauthorized access and potential data compromise. It's crucial for affected users to update their plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.