CVE-2021-24380
Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values.
Affected products
Unknown · Shantz WordPress QOTDWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →