CVE-2021-34661 MEDIUM

CVE-2021-34661: WP Fusion Lite <= 3.37.18 Cross-Site Request Forgery to Data Deletion

Vendor Very Good Plugins
Product WP Fusion Lite
Weakness CWE-352 · CSRF
Published August 9, 2021
Last update May 23, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18.

Key dates

02Disclosure timeline

August 9, 2021 CVE published
May 23, 2025 Record updated