Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbPrashant Karman PatelWPVDB-ID:1DD0F9A8-22AB-4ECC-A925-605822739000
HistoryJul 19, 2021 - 12:00 a.m.

Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF

2021-07-1900:00:00
Prashant Karman Patel
wpscan.com
11
wordpress
qotd plugin
csrf
settings update
arbitrary values
security vulnerability

EPSS

0.001

Percentile

27.4%

JSON

The plugin is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.

PoC

Related

cvelist 1
wpexploit 1
nvd 1
prion 1
cve 1
cvelist
cvelist
CVE-2021-24380 Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
2021-08-16 10:48:18
wpexploit
wpexploit
Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
2021-07-19 00:00:00
nvd
nvd
CVE-2021-24380
2021-08-16 11:15:08
prion
prion
Cross site request forgery (csrf)
2021-08-16 11:15:00
cve
cve
CVE-2021-24380
2021-08-16 11:15:08

EPSS

0.001

Percentile

27.4%

JSON
Related for WPVDB-ID:1DD0F9A8-22AB-4ECC-A925-605822739000
cvelist1wpexploit1nvd1prion1cve1