First published: Mon Nov 01 2021
The Far Future Expiry Header WordPress plugin before 1.5 does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Far Future Expiry Header | <1.5 |
CVE-2021-24799 is a vulnerability in the Far Future Expiry Header WordPress plugin before version 1.5 that allows attackers to change settings via a CSRF attack.
The severity of CVE-2021-24799 is medium, with a CVSS score of 4.3.
CVE-2021-24799 affects the Far Future Expiry Header WordPress plugin before version 1.5 by not having a CSRF check when saving settings.
An attacker can exploit CVE-2021-24799 by conducting a CSRF attack to make unauthorized changes to the plugin's settings.
To fix CVE-2021-24799, it is recommended to update the Far Future Expiry Header WordPress plugin to version 1.5 or higher, which includes a CSRF check when saving settings.
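The kind of check the fix refers to, as an added example and not the plugin's own code: a minimal WordPress settings page that verifies a nonce before saving. The option key, nonce action, field names and function name are hypothetical.

```php
<?php
/**
 * Plugin Name: CSRF-safe settings demo (hypothetical, not the Far Future Expiry Header code)
 */

// Constructed names for this example: option key, nonce action and nonce field.
const DEMO_OPTION       = 'demo_expiry_settings';
const DEMO_NONCE_ACTION = 'demo_save_expiry_settings';
const DEMO_NONCE_FIELD  = 'demo_expiry_nonce';

add_action( 'admin_menu', function () {
    add_options_page( 'Expiry Demo', 'Expiry Demo', 'manage_options', 'demo-expiry', 'demo_render_settings_page' );
} );

function demo_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // A handler without a CSRF check would save as soon as the POST field is present:
    //   if ( isset( $_POST['demo_submit'] ) ) { update_option( ... ); }
    // The browser attaches the admin's session cookie to cross-site form posts,
    // so the capability check alone does not prove the admin intended the request.
    if ( isset( $_POST['demo_submit'] ) ) {
        // Stops the request unless the POST carries a valid nonce for this action.
        check_admin_referer( DEMO_NONCE_ACTION, DEMO_NONCE_FIELD );

        $days = isset( $_POST['expire_days'] ) ? absint( wp_unslash( $_POST['expire_days'] ) ) : 0;
        update_option( DEMO_OPTION, array( 'expire_days' => $days ) );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $settings = get_option( DEMO_OPTION, array( 'expire_days' => 0 ) );
    ?>
    <div class="wrap">
        <h1>Expiry Demo</h1>
        <form method="post">
            <?php wp_nonce_field( DEMO_NONCE_ACTION, DEMO_NONCE_FIELD ); // hidden token tied to user, session and action ?>
            <input type="number" name="expire_days" value="<?php echo esc_attr( $settings['expire_days'] ); ?>">
            <?php submit_button( 'Save', 'primary', 'demo_submit' ); ?>
        </form>
    </div>
    <?php
}
```

When reviewing other plugins for the same class of issue, look for settings handlers that call `update_option()` on `$_POST` data with no `check_admin_referer()` or `wp_verify_nonce()` call on the same code path.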