CVE-2021-24725
MEDIUM
Comment Link Remove and Other Comment Tools < 2.1.6 - Cross-Site Request Forgery in Delete Comments Functionality
Title source: llm
Description
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have a CSRF check in its 'Delete comments easily' functionality, which could allow attackers to make a logged-in admin delete arbitrary comments.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f
Exploit, Third Party Advisory x_refsource_misc
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225
Scores
CVSS v3
4.3
EPSS
0.0047
EPSS Percentile
37.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
quantumcloud/comment_link_remove_and_other_comment_tools
< 2.1.6
Published
Sep 13, 2021
Tracked Since
Feb 18, 2026