CVE-2021-24767

Published: Nov 8, 2021Modified: Jan 23, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack

Affected (1)

Products: Wpvibes: Redirect 404 Error Page To Homepage Or Custom Page With Logs

Wpvibes

1 product

Redirect 404 Error Page To Homepage Or Custom Page With Logs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpvibes Redirect 404 Error Page To Homepage Or Custom Page With Logs	Before 1.7.9

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/0b35ad4a-3d94-49b1-a98d-07acf8dd4962

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.