CVE-2021-47800
b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
| CWE | CWE-352 |
| Vendor | b2evolution |
| Product | b2evolution |
| Published | Jan 15, 2026 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for b2evolution b2evolution
Be the first to know when new medium vulnerabilities affecting b2evolution b2evolution are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
B2Evolution / b2evolution
7.2.2
References
exploit-db.com: https://www.exploit-db.com/exploits/50081 b2evolution.net: https://b2evolution.net/ b2evolution.net: https://b2evolution.net/downloads/ github.com: https://github.com/b2evolution/b2evolution vulncheck.com: https://www.vulncheck.com/advisories/bevolution-edit-account-details-cross-site-request-forgery-csrf
Credits
Alperen Ergel (@alpernae)