Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41129 | 1 Patreon | 1 Patreon Wordpress | 2023-11-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6. | |||||
| CVE-2021-24230 | 1 Patreon | 1 Patreon Wordpress | 2021-05-04 | 5.8 MEDIUM | 8.1 HIGH |
| The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content. | |||||
| CVE-2021-24227 | 1 Patreon | 1 Patreon Wordpress | 2021-04-14 | 5.0 MEDIUM | 7.5 HIGH |
| The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. | |||||