QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24806

Published: Nov 8, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.

Vendor	Product	Versions
Unknown	Comments – wpDiscuz	affected `7.3.4 - < 7.3.4`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.