Cross-Site Request Forgery Vulnerability in Patreon WordPress Plugin (Versions before 1.7.0)

Cross-Site Request Forgery Vulnerability in Patreon WordPress Plugin (Versions before 1.7.0)

CVE-2021-24231 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.

Learn more about our Wordpress Pen Testing.