CVE-2021-24272
N/A
N/A
Summary
The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | fitness calculators | 1.9.6 < 1.9.6 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f
- http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html
References
- https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f
- http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.