CVE-2021-24735 Compact WP Audio Player < 1.9.7 - Setting Change via CSRF

2021-10-1813:46:04

CWE-352

WPScan

www.cve.org

cve-2021-24735

wordpress plugin

nonce checks

csrf attack

EPSS

0.001

Percentile

27.4%

JSON

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the “Disable Simultaneous Play” setting via a CSRF attack.

CNA Affected

[
  {
    "product": "Compact WP Audio Player",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.9.7",
        "status": "affected",
        "version": "1.9.7",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/dcbcf6e7-e5b3-498b-9f5e-7896d309441f

EPSS

0.001

Percentile

27.4%

JSON

Related for CVELIST:CVE-2021-24735