CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42364

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2021-42364

Stetic » Stetic » Version: N/A

cpe:2.3:a:stetic:stetic:-
Stetic » Stetic » Version: 1.0.0

cpe:2.3:a:stetic:stetic:1.0.0
Stetic » Stetic » Version: 1.0.1

cpe:2.3:a:stetic:stetic:1.0.1
Stetic » Stetic » Version: 1.0.2

cpe:2.3:a:stetic:stetic:1.0.2
Stetic » Stetic » Version: 1.0.3

cpe:2.3:a:stetic:stetic:1.0.3
Stetic » Stetic » Version: 1.0.4

cpe:2.3:a:stetic:stetic:1.0.4
Stetic » Stetic » Version: 1.0.5

cpe:2.3:a:stetic:stetic:1.0.5
Stetic » Stetic » Version: 1.0.6

cpe:2.3:a:stetic:stetic:1.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42364

Products

Pricing

Contact Us