Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24725
HistorySep 13, 2021 - 5:56 p.m.

CVE-2021-24725 Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

2021-09-1317:56:39
CWE-352
WPScan
www.cve.org

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its ‘Delete comments easily’, which could allow attackers to make logged in admin delete arbitrary comments

CNA Affected

[
  {
    "product": "Comment Link Remove and Other Comment Tools",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.1.6",
        "status": "affected",
        "version": "2.1.6",
        "versionType": "custom"
      }
    ]
  }
]

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

Related for CVELIST:CVE-2021-24725