PT-2021-15944 · WordPress · The Social Tape Wordpress Plugin

Ashish Upsham

Published

2021-08-16

Updated

2021-08-23

CVE-2021-24411

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The Social Tape WordPress plugin versions 1.0 and earlier

Description The issue is related to the lack of CSRF checks when saving settings and the failure to sanitise or escape output, leading to a stored Cross-Site Scripting issue via a CSRF attack.

Recommendations For The Social Tape WordPress plugin version 1.0 and earlier, consider disabling the settings saving functionality until a patch is available to prevent exploitation. Restrict access to the plugin's settings page to minimize the risk of CSRF attacks. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-352

Related Identifiers

CVE-2021-24411

Affected Products

The Social Tape Wordpress Plugin

PT-2021-15944 · WordPress · The Social Tape Wordpress Plugin

CVE-2021-24411

Weakness Enumeration

Related Identifiers

Affected Products

References · 5