CVE-2021-24379

Name of the Vulnerable Software and Affected Versions Comments Like Dislike WordPress plugin versions prior to 1.1.4

Description The issue allows any user, including unauthenticated ones, to add unlimited likes or dislikes to any comment by replaying the AJAX request. The plugin's restriction modes, such as Cookie Restriction, IP Restrictions, and Logged In User Restriction, do not prevent this attack as they only perform client-side checks.

Recommendations For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue. As a temporary workaround, consider disabling the AJAX functionality for likes and dislikes until the update is applied. Restrict access to the comment liking/disliking feature to minimize the risk of exploitation.