CVE-2021-24704

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://wpscan.com/vulnerability/60843022-fe43-4608-8859-9c9109b35b42", "name": "https://wpscan.com/vulnerability/60843022-fe43-4608-8859-9c9109b35b42", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in \"admin/orange-form-email.php\" performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-24704", "ASSIGNER": "contact@wpscan.com"}}, "impact": {}, "publishedDate": "2022-02-28T09:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-28T13:38Z"}