CVE-2021-20831: 
WordPress vulnerability analysis and mitigation

Cross-site request forgery (CSRF) vulnerability was discovered in WordPress Plugin OG Tags versions prior to 2.0.2. The vulnerability was identified by Ryota Nakazato of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University. The issue was disclosed on September 28, 2021, and was assigned CVE-2021-20831 (JVN Report).

The vulnerability is classified as a Cross-Site Request Forgery (CWE-352) issue. According to the CVSS v3.0 scoring system, it received a base score of 4.3 with the following vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (JVN Report).

When exploited, this vulnerability could allow an attacker to hijack the authentication of administrators. If a user with administrative privileges views a malicious page while logged in, unintended operations may be performed on the WordPress installation (JVN Report).

The vulnerability was patched in OG Tags version 2.0.2. Users are strongly advised to update their plugin to this version or later. The fix was released as a security patch, with the developer acknowledging Mr. Ryota Nakazato for responsible disclosure (WordPress Plugin).