CVE-2021-4393

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 1, 2023

Updated: Nov 7, 2023

CWE ID 434

Summary

CVE-2021-4393 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the eCommerce Product Catalog Plugin for WordPress. Versions up to and including 3.0.17 are susceptible to this issue. The flaw stems from inadequate nonce validation on the save() function. Consequently, unauthenticated attackers can manipulate site administrators into executing a malicious request, leading to the creation of unauthorized digital orders.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/klX57n
https://www.cve.org/CVERecord?id=CVE-2021-4393
https://nvd.nist.gov/vuln/detail/CVE-2021-4393

Back to Vulnerability Database

CVE-2021-4393

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations