All the vulnerabilites related to realmag777 - WPCS - WordPress Currency Switcher
jvndb-2021-000062
Vulnerability from jvndb
Published
2021-07-06 14:11
Modified
2021-07-06 14:11
Severity ?
Summary
WordPress Plugin "WPCS - WordPress Currency Switcher" vulnerable to cross-site request forgery
Details
WordPress Plugin "WPCS - WordPress Currency Switcher" provided by realmag777 contains a cross-site request forgery vulnerability (CWE-352).
Mizuki Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported and coordinated with the developer to fix this vulnerability.
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN91372527/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20780 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20780 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| realmag777 | WPCS - WordPress Currency Switcher |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000062.html",
"dc:date": "2021-07-06T14:11+09:00",
"dcterms:issued": "2021-07-06T14:11+09:00",
"dcterms:modified": "2021-07-06T14:11+09:00",
"description": "WordPress Plugin \"WPCS - WordPress Currency Switcher\" provided by realmag777 contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nMizuki Takagi of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported and coordinated with the developer to fix this vulnerability.\r\nAfter coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000062.html",
"sec:cpe": {
"#text": "cpe:/a:misc:realmag777_wordpress_currency_switcher",
"@product": "WPCS - WordPress Currency Switcher",
"@vendor": "realmag777",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000062",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN91372527/index.html",
"@id": "JVN#91372527",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20780",
"@id": "CVE-2021-20780",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20780",
"@id": "CVE-2021-20780",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "WordPress Plugin \"WPCS - WordPress Currency Switcher\" vulnerable to cross-site request forgery"
}
var-202107-0447
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. The following person reports this vulnerability information directly to the product developer, and after coordinating with the product developer, the purpose is to inform the product user. JVN It was announced at. Reporter : Tokyo Denki University, Department of Information and Communication Engineering, Cryptographic Protocol / Cryptographic Protocol Laboratory Takagi Izumi Nozomi MrIf a user who is logged in to the product with administrator privileges accesses a specially crafted page, he / she may be forced to perform unintended operations. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-0447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wordpress currency switcher",
"scope": "lte",
"trust": 1.0,
"vendor": "wp currency",
"version": "1.1.6"
},
{
"model": "wpcs - wordpress currency switcher",
"scope": "eq",
"trust": 0.8,
"vendor": "realmag777",
"version": null
},
{
"model": "wpcs - wordpress currency switcher",
"scope": "lte",
"trust": 0.8,
"vendor": "realmag777",
"version": "1.1.6 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"cve": "CVE-2021-20780",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-20780",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000062",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-378456",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20780",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000062",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20780",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2021-000062",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-283",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-378456",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-20780",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-378456"
},
{
"db": "VULMON",
"id": "CVE-2021-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-283"
},
{
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. The following person reports this vulnerability information directly to the product developer, and after coordinating with the product developer, the purpose is to inform the product user. JVN It was announced at. Reporter : Tokyo Denki University, Department of Information and Communication Engineering, Cryptographic Protocol / Cryptographic Protocol Laboratory Takagi Izumi Nozomi MrIf a user who is logged in to the product with administrator privileges accesses a specially crafted page, he / she may be forced to perform unintended operations. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-378456"
},
{
"db": "VULMON",
"id": "CVE-2021-20780"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN91372527",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2021-20780",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070704",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-283",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-68922",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-378456",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-20780",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-378456"
},
{
"db": "VULMON",
"id": "CVE-2021-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-283"
},
{
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"id": "VAR-202107-0447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-378456"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:39:42.938000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PluginUs.Net\u00a0-\u00a0Business\u00a0Tools\u00a0for\u00a0WordPress\u00a0and\u00a0WooCommerce realmag777",
"trust": 0.8,
"url": "https://pluginus.net/"
},
{
"title": "WordPress Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156140"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "Cross-site request forgery (CWE-352) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-378456"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://jvn.jp/en/jp/jvn91372527/index.html"
},
{
"trust": 1.8,
"url": "https://pluginus.net/"
},
{
"trust": 1.8,
"url": "https://wordpress.org/plugins/currency-switcher/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn91372527/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070704"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20780"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-378456"
},
{
"db": "VULMON",
"id": "CVE-2021-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-283"
},
{
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-378456"
},
{
"db": "VULMON",
"id": "CVE-2021-20780"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-283"
},
{
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-378456"
},
{
"date": "2021-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20780"
},
{
"date": "2021-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-283"
},
{
"date": "2021-07-07T08:15:07.970000",
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-378456"
},
{
"date": "2021-07-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20780"
},
{
"date": "2021-07-06T03:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-000062"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-283"
},
{
"date": "2021-07-10T02:32:55.870000",
"db": "NVD",
"id": "CVE-2021-20780"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-283"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WordPress\u00a0 Plugin for \u00a0WPCS\u00a0-\u00a0WordPress\u00a0Currency\u00a0Switcher\u00a0 Cross Site Request Forgery Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000062"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
cve-2021-20780
Vulnerability from cvelistv5
Published
2021-07-07 07:05
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/currency-switcher/ | x_refsource_MISC | |
| https://pluginus.net/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN91372527/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| realmag777 | WPCS - WordPress Currency Switcher |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/currency-switcher/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pluginus.net/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN91372527/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPCS - WordPress Currency Switcher",
"vendor": "realmag777",
"versions": [
{
"status": "affected",
"version": "1.1.6 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-07T07:05:33",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/currency-switcher/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pluginus.net/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN91372527/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPCS - WordPress Currency Switcher",
"version": {
"version_data": [
{
"version_value": "1.1.6 and earlier"
}
]
}
}
]
},
"vendor_name": "realmag777"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/currency-switcher/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/currency-switcher/"
},
{
"name": "https://pluginus.net/",
"refsource": "MISC",
"url": "https://pluginus.net/"
},
{
"name": "https://jvn.jp/en/jp/JVN91372527/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN91372527/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20780",
"datePublished": "2021-07-07T07:05:33",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}