Security Advisory

CVE-2021-24491

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-13 17:56:17

Last updated 2024-08-03 19:35:20

Assigner WPScan

State PUBLISHED

Description

The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack

← Browse all CVEs View on cve.org ↗