CVE-2021-24800 Vulnerability Details

  /     /     /  

CVE-2021-24800 Metadata Quick Info

CVE Published: 25/04/2022 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: WPScan | Vendor: Unknown | Product: DW Question Answer Pro
Status : PUBLISHED

---

CVE-2021-24800 Description

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-639
CWE Name: CWE-639 Authorization Bypass Through User-Controlled Key
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).