gsd - gsd-2021-20781

gsd-2021-20781

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Aliases

CVE-2021-20781

Aliases

CVE-2021-20781

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20781",
    "description": "Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter \u0026 Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.",
    "id": "GSD-2021-20781"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20781"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter \u0026 Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.",
      "id": "GSD-2021-20781",
      "modified": "2023-12-13T01:23:11.924149Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2021-20781",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WordPress Meta Data Filter \u0026 Taxonomies Filter",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "versions prior to v.1.2.8 and versions prior to v.2.2.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "realmag777"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter \u0026 Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site request forgery"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wp-filter.com/update-v-2-2-8-v-1-2-8/",
            "refsource": "MISC",
            "url": "https://wp-filter.com/update-v-2-2-8-v-1-2-8/"
          },
          {
            "name": "https://wp-filter.com/",
            "refsource": "MISC",
            "url": "https://wp-filter.com/"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN48413554/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN48413554/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pluginus:wordpress_meta_data_and_taxonomies_filter:*:*:*:*:*:wordpress:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pluginus:wordpress_meta_data_and_taxonomies_filter:*:*:*:*:*:wordpress:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.8",
                "versionStartIncluding": "2.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20781"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter \u0026 Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN48413554/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN48413554/index.html"
            },
            {
              "name": "https://wp-filter.com/update-v-2-2-8-v-1-2-8/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wp-filter.com/update-v-2-2-8-v-1-2-8/"
            },
            {
              "name": "https://wp-filter.com/",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Vendor Advisory"
              ],
              "url": "https://wp-filter.com/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-15T23:51Z",
      "publishedDate": "2021-07-14T02:15Z"
    }
  }
}

cve-2021-20781

Vulnerability from cvelistv5

Published

2021-07-14 01:20

Modified

2024-08-03 17:53

Severity ?

Summary

References

▼	URL	Tags
	https://wp-filter.com/update-v-2-2-8-v-1-2-8/	x_refsource_MISC
	https://wp-filter.com/	x_refsource_MISC
	https://jvn.jp/en/jp/JVN48413554/index.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	realmag777	WordPress Meta Data Filter & Taxonomies Filter

Show details on NVD website