CVE-2021-24922: Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting
First published: Mon Dec 13 2021(Updated: )
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fatcatapps Pixel Cat | <2.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Pixel Cat WordPress plugin?
The vulnerability ID for the Pixel Cat WordPress plugin is CVE-2021-24922.
What is the severity rating of CVE-2021-24922?
CVE-2021-24922 has a severity rating of critical.
What is the affected version of the Pixel Cat WordPress plugin?
The affected version of the Pixel Cat WordPress plugin is version up to exclusive 2.6.2.
What is the CWE ID associated with CVE-2021-24922?
The CWE ID associated with CVE-2021-24922 is CWE-352.
How can an attacker exploit CVE-2021-24922?
An attacker can exploit CVE-2021-24922 by making a logged in admin change the plugin's settings, which could lead to Cross-Site Scripting (XSS) attacks.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/fatcatapps
- canonical/fatcatapps pixel cat