CVE-2021-34637

Summary

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the ~/php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5.

Affected Software

VendorProductVersion RangeStatus
iTuxPost Index0.7.5 <= 0.7.5affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References