Lucene search
China National Vulnerability DatabaseCNVD-2021-103645HistoryOct 24, 2021 - 12:00 a.m.
WordPress Compact WP Audio Player plugin cross-site request forgery vulnerability
2021-10-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
wordpress
compact wp audio player
cross-site request forgery
EPSS
0.001
Percentile
27.4%
WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress Compact WP Audio Player plugin in versions prior to 1.9.7, which stems from the fact that the web application does not adequately verify that the request is from a trusted user. An attacker could use a CSRF attack to cause the login administrator to change the “Disable Sync Play” setting.
Related
wpvulndb
wpvulndb
Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
2021-09-15 00:00:00
cvelist
cvelist
CVE-2021-24735 Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
2021-10-18 13:46:04
prion
prion
Cross site request forgery (csrf)
2021-10-18 14:15:00
nvd
nvd
CVE-2021-24735
2021-10-18 14:15:09
patchstack
patchstack
wpexploit
wpexploit
Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
2021-09-15 00:00:00
cve
cve
CVE-2021-24735
2021-10-18 14:15:09