CyberSec.Space Logo
Back to CVE Browser

CVE-2021-24806

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile29.74th
PublishedNov 8, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.

Affected Platforms (CPE)

📦
Gvectors

Wpdiscuz

< 7.3.4

References & Advisories

🔗 https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe
🔗 https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe

Related Vulnerabilities

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-136409.8

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary...

CVE-2021-247374.8

The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages befor...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...