Vulnerability Details CVE-2021-24784
The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2021-24784
-
cpe:2.3:a:wp_admin_logo_changer_project:wp_admin_logo_changer:-
-
cpe:2.3:a:wp_admin_logo_changer_project:wp_admin_logo_changer:1.0