CVE-2021-38342
8.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Summary
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit admin_post actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kyle Phillips | Nested Pages | 3.1.15 <= 3.1.15 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.