Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-24800. PoCs published by tomorroisnew.
Description
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2021-24800
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/cd37ca81-d683-4955-bc97-60204cb9c346
Scores
CVSS v3
4.3
EPSS
0.0062
EPSS Percentile
44.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-639
Status
published
Products (1)
designwall/dw_question_\&_answer
< 1.3.4
Published
Apr 25, 2022
Tracked Since
Feb 18, 2026