← voltar
CVE-2021-24806

wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF

EPSS 0.5%CWE-352
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 nov 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.
Produtos afetados
Unknown · Comments – wpDiscuz

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe