Patreon WordPress < 1.7.0 – CSRF to Disconnect Sites From Patreon | CVE 2021-24231

Affects Plugins

patreon-connect

Fixed in 1.7.0

References

CVE

CVE-2021-24231

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

6.5 (medium)

Miscellaneous

Original Researcher

George Stephanis, Fioravante Souza, Miguel Neto, Benedict Singer and Marc Montpas

Submitter

Marc Montpas

Submitter website

https://jetpack.com

Submitter twitter

marcS0H

Verified

Yes

WPVDB ID

f8ab6855-a319-47ac-82fb-58b181e77500

Timeline

Publicly Published

2021-03-26 (about 4 years ago)

Added

2021-03-26 (about 4 years ago)

Last Updated

2021-04-21 (about 4 years ago)

Other

Published

Title

Published

2023-02-28

Title

Rus-To-Lat <= 0.3 - Cross-Site Request Forgery (CSRF)

Published

2023-09-05

Title

WP Custom Post Template <= 1.0 - Settings Update via CSRF

Published

2025-05-07

Title

Wiki Embed < 1.4.7 - Cross-Site Request Forgery

Published

2025-04-16

Title

Right Click Disable OR Ban < 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-03-10

Title

Auto Prune Posts < 2.0.0 - Post Deletion Settings Update via CSRF