Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
CVE-2021-24231
6.5MEDIUM
Summary
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.
Affected Version(s)
Patreon WordPress 1.7.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas