CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-24806

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile29.74th
Published2021年11月8日
Last Modified2024年11月21日

Vulnerability Description

The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.

Affected Platforms (CPE)

📦
Gvectors

Wpdiscuz

< 7.3.4

References & Advisories

🔗 https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe
🔗 https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe

相关漏洞威胁

CVE-2020-2418610.0

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthe...

CVE-2020-136409.8

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary...

CVE-2021-247374.8

The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages befor...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...