exploitDog

CVE-2021-24806

Опубликовано: 08 нояб. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.

Ссылки

https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*

Версия до 7.3.4 (исключая)

EPSS

Процентиль: 35%

0.00143

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-q4r2-83hh-f65v

github

больше 3 лет назад

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.

EPSS

Процентиль: 35%

0.00143

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

CWE-352