CVE-2021-24725: Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
First published: Mon Sep 13 2021(Updated: )
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quantumcloud Comment Link Remove And Other Comment Tools | <2.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-24725?
The severity of CVE-2021-24725 is medium with a severity value of 4.3.
What is the affected software of CVE-2021-24725?
The affected software of CVE-2021-24725 is Quantumcloud Comment Link Remove and Other Comment Tools plugin version up to 2.1.6 for WordPress.
How does CVE-2021-24725 impact WordPress websites?
CVE-2021-24725 allows attackers to make logged in admin delete arbitrary comments in the Comment Link Remove and Other Comment Tools plugin for WordPress.
Is there a CSRF check vulnerability in the Comment Link Remove and Other Comment Tools plugin before version 2.1.6?
Yes, the Comment Link Remove and Other Comment Tools plugin before version 2.1.6 does not have CSRF check in its 'Delete comments easily' functionality.
How can I fix CVE-2021-24725?
To fix CVE-2021-24725, update the Comment Link Remove and Other Comment Tools plugin to version 2.1.6 or higher.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/quantumcloud
- canonical/quantumcloud comment link remove and other comment tools