CVE-2021-24725

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

EPSS 0.5%CWE-352

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Sep 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments

Affected products

Unknown · Comment Link Remove and Other Comment Tools

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225