Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-24805. PoCs published by tomorroisnew.
Description
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2021-24805
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/a6be3fcf-60f7-4f13-b773-871a7296113c
Scores
CVSS v3
4.3
EPSS
0.0041
EPSS Percentile
32.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
designwall/dw_question_\&_answer
< 1.3.4
Published
Apr 25, 2022
Tracked Since
Feb 18, 2026