How severe is CVE-2021-24500?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-24500?

This is classified as CWE-283, which is a common weakness in software security.

CVE-2021-24500

HIGH Year: 2021

CVSS v3 Score

8.1

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-283

View all →

Vulnerability Description

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site.

CVE-2021-24501

HIGH

CVSS:8.1(High)

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting object...

CWE-2832021

CVE-2024-27903

HIGH

CVSS:7.2(High)

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged O...

CWE-2832024

CVE-2025-47940

HIGH

CVSS:7.2(High)

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend...

CWE-2832025

CVE-2022-29220

MEDIUM

CVSS:6.5(Medium)

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit cre...

CWE-2832022