CVE-2021-24800

CVE-2021-24800: DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR

Vendor Unknown
Product DW Question Answer Pro
Weakness CWE-639 · IDOR
Published April 25, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.

Key dates

02Disclosure timeline

April 25, 2022 CVE published
August 3, 2024 Record updated