CVE-2021-4392
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2021-4392 is a Cross-Site Request Forgery vulnerability affecting the eCommerce Product Catalog Plugin for WordPress up to version 2.9.43. This issue arises due to insufficient nonce validation on the implecode_save_products_meta() function. Consequently, unauthenticated attackers can manipulate product meta data by tricking administrators into executing malicious requests through specially crafted links. Successful exploitation of this vulnerability may allow the attacker to make unintended modifications to the product catalog, potentially leading to data corruption or unauthorized access. It is recommended that users update to the latest version of the plugin to mitigate this risk.
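The class of fix the summary points to, shown as an added example that is not the plugin's own code: a WordPress product-meta save handler that rejects any request lacking a valid nonce. All `example_*` names, the `_example_price` meta key and the `post` post type are hypothetical; the WordPress functions used are core APIs, so the file runs as a plugin inside WordPress.

```php
<?php
// Added example with hypothetical names; not the code of the affected plugin.
const EXAMPLE_NONCE_ACTION = 'example_save_product_meta';
const EXAMPLE_NONCE_FIELD  = 'example_product_meta_nonce';

// Render the meta box and embed a nonce bound to the current user and session.
function example_render_product_meta_box( $post ) {
    wp_nonce_field( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD );
    $price = get_post_meta( $post->ID, '_example_price', true );
    printf( '<input type="text" name="example_price" value="%s" />', esc_attr( $price ) );
}

function example_register_product_meta_box() {
    // 'post' is an assumed post type for the sketch.
    add_meta_box( 'example_product_meta', 'Product details', 'example_render_product_meta_box', 'post' );
}
add_action( 'add_meta_boxes', 'example_register_product_meta_box' );

function example_save_product_meta( $post_id ) {
    // Autosave requests do not carry the meta box fields.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }

    // Treat a missing nonce exactly like an invalid one. Verifying the nonce
    // only when the field happens to be present lets a forged request through
    // simply by omitting it.
    $nonce = isset( $_POST[ EXAMPLE_NONCE_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ EXAMPLE_NONCE_FIELD ] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_NONCE_ACTION ) ) {
        return;
    }

    // A nonce proves intent, not authorization: check the capability as well.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    if ( isset( $_POST['example_price'] ) ) {
        $price = sanitize_text_field( wp_unslash( $_POST['example_price'] ) );
        update_post_meta( $post_id, '_example_price', $price );
    }
}
add_action( 'save_post', 'example_save_product_meta' );
```

The page does not say how the plugin's validation fell short, so the comment about a skipped check describes a common failure mode, not a confirmed root cause.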
Affected Products
- Implecode Ecommerce Product Catalog
Advisories, Assessments, and Mitigations