CVE-2021-24806
MEDIUM
wpDiscuz < 7.3.4 - Cross-Site Request Forgery in Comment Management
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-24806. PoCs published by tomorroisnew.
Description
The wpDiscuz WordPress plugin before 7.3.4 does not check for CSRF when adding, editing and deleting comments, which could allow an attacker to make logged-in users such as an admin edit and delete arbitrary comments, or make the user who wrote a comment edit it, via a CSRF attack. Attackers could also make logged-in users post arbitrary comments.
Exploits (1)
github
NO CODE
2 stars
by tomorroisnew · poc
https://github.com/tomorroisnew/CVE/tree/main/CVE-2021-24806
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/2746101e-e993-42b9-bd6f-dfd5544fa3fe
Scores
CVSS v3
4.3
EPSS
0.0047
EPSS Percentile
36.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
gvectors/wpdiscuz
< 7.3.4
Published
Nov 08, 2021
Tracked Since
Feb 18, 2026