CVSS Score of 10 (low)


Published Jul 1, 2023
Updated: Nov 7, 2023
CWE ID 352


CVE-2021-4398 is a vulnerability in the Amministrazione Trasparente plugin for WordPress, affecting versions up to and including 7.1. The vulnerability arises from missing or incorrect nonce validation in the at_save_aturl_meta() function, enabling unauthenticated attackers to update meta data through forged requests if they can deceive a site administrator into taking action, such as clicking on a link. The risk score for this vulnerability is 10 out of 10, indicating a high level of danger. Organizations using the affected versions of the plugin should take immediate action to remediate the vulnerability, which may involve updating to a patched version or applying any available security patches provided by the plugin developer. Failure to address this vulnerability could lead to potential unauthorized modifications and manipulation of meta data on affected WordPress sites.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2021-4398 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options