{"containers":{"cna":{"affected":[{"product":"Remove Footer Credit","vendor":"Unknown","versions":[{"lessThan":"1.0.6","status":"affected","version":"1.0.6","versionType":"custom"}]}],"credits":[{"lang":"en","value":"apple502j"}],"descriptions":[{"lang":"en","value":"The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-352","description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-02-14T09:20:32.000Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f"}],"source":{"discovery":"EXTERNAL"},"title":"Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting","x_generator":"WPScan CVE Generator","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"contact@wpscan.com","ID":"CVE-2021-24446","STATE":"PUBLIC","TITLE":"Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Remove Footer Credit","version":{"version_data":[{"version_affected":"<","version_name":"1.0.6","version_value":"1.0.6"}]}}]},"vendor_name":"Unknown"}]}},"credit":[{"lang":"eng","value":"apple502j"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation"}]},"generator":"WPScan CVE Generator","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-352 Cross-Site Request Forgery (CSRF)"}]}]},"references":{"reference_data":[{"name":"https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f","refsource":"MISC","url":"https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f"}]},"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:28:23.968Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpscan.com/vulnerability/be55131b-d9f2-4ac1-b667-c544c066887f"}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2021-24446","datePublished":"2022-02-14T09:20:32.000Z","dateReserved":"2021-01-14T00:00:00.000Z","dateUpdated":"2024-08-03T19:28:23.968Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}