CVE-2021-24989

CVE-2021-24989: Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF

Vendor Unknown

Product Accept Donations with PayPal

Weakness CWE-352 · CSRF

Published January 24, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog

Key dates

02Disclosure timeline

January 24, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24989 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-4628 LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook() CVE-2025-49856 WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2026-4138 DX Unanswered Comments <= 1.7 - Cross-Site Request Forgery via Settings Update CVE-2023-41864 WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-25156 WordPress Quote Comments plugin <= 3.0.0 - CSRF to Stored XSS vulnerability