← Volver a CVEs
CVE-2021-24800
MEDIUM4.3
Descripcion
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
Detalles CVE
Puntuacion CVSS v3.14.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/25/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
designwall:dw_question_\&_answer
Debilidades (CWE)
CWE-639CWE-639
Referencias
https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346(contact@wpscan.com)
https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.