CVE-2021-24806

CVE-2021-24806: wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF

Vendor Unknown
Product Comments – wpDiscuz
Weakness CWE-352 · CSRF
Published November 8, 2021
Last update August 3, 2024

What the vulnerability does

01 Description

The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments. This could allow an attacker to make logged-in users such as an admin edit and delete arbitrary comments, or make the user who wrote a comment edit it, via a CSRF attack. Attackers could also make logged-in users post arbitrary comments.

Key dates

02 Disclosure timeline

November 8, 2021 CVE published
August 3, 2024 Record updated