← back
CVE-2021-24636

Print My Blog < 3.4.2 - Plugin Deactivation via CSRF

EPSS 0.5%CWE-352
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link
Affected products
Unknown · Print My Blog – Print, PDF, & eBook Converter WordPress Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e