CVE-2021-24725

Published: Sep 13, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments

Affected (1)

Products: Quantumcloud: Comment Link Remove And Other Comment Tools

Quantumcloud

1 product

Comment Link Remove And Other Comment Tools

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quantumcloud Comment Link Remove And Other Comment Tools	Before 2.1.6

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f

Source: contact@wpscan.com

ExploitThird Party Advisory

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.