CVE-2021-24806

Name of the Vulnerable Software and Affected Versions: wpDiscuz WordPress plugin versions prior to 7.3.4

Description: The issue allows attackers to make logged-in users, such as admins, edit and delete arbitrary comments, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged-in users post arbitrary comments. This is due to the plugin not checking for CSRF when adding, editing, and deleting comments.

Recommendations: For versions prior to 7.3.4, update to version 7.3.4 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to prevent exploitation. Restrict access to comment editing and deletion functionality to minimize the risk of exploitation. Avoid using the plugin's comment functionality until the issue is resolved.