CVE-2021-20846

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
24/11/2021
Last modified:
29/11/2021

Description

Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:delitestudio:push_notifications_for_wordpress:*:*:*:*:lite:wordpress:*:* 6.0.1 (excluding)