CVE-2021-24725

MEDIUM

Comment Link Remove and Other Comment Tools < 2.1.6 - Cross-Site Request Forgery in Delete Comments Functionality

Title source: llm

Description

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have a CSRF check in its 'Delete comments easily' functionality, which could allow attackers to make a logged-in admin delete arbitrary comments.

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f

Scores

CVSS v3 4.3
EPSS 0.0047
EPSS Percentile 37.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
quantumcloud/comment_link_remove_and_other_comment_tools < 2.1.6
Published Sep 13, 2021
Tracked Since Feb 18, 2026