CVE-2021-24230

Name of the Vulnerable Software and Affected Versions: Patreon WordPress plugin versions prior to 1.7.0

Description: A Cross-Site Request Forgery issue allows attackers to make a logged-in user overwrite or create arbitrary user metadata on the victim's account. This can be used to overwrite the wp capabilities meta, which contains the affected user account's roles and privileges, potentially locking them out of the site and blocking access to paid content.

Recommendations: For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive user metadata to minimize the risk of exploitation.