CVE-2021-4411

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 12, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2021-4411: A vulnerability affects the WP EasyPay – Square for WordPress plugin, impacting versions up to 3.2.0. The issue stems from insufficient nonce validation on the wpep_download_transaction_in_excel() function. This security flaw exposes sites to Cross-Site Request Forgery (CSRF) attacks. Attackers can force administrators to download transactions data by tricking them into clicking on malicious links, potentially leading to data theft or other unauthorized actions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SPIP

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/krBAO1
https://www.cve.org/CVERecord?id=CVE-2021-4411
https://nvd.nist.gov/vuln/detail/CVE-2021-4411

Back to Vulnerability Database

CVE-2021-4411

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations