PT-2022-9466 · WordPress · Dw Question & Answer Pro

Brandon Roldan

Published

2022-04-25

Updated

2022-05-05

CVE-2021-24800

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions DW Question & Answer Pro WordPress plugin versions 1.3.4 and earlier

Description The issue allows any user to edit other comments because it does not check if the comment to edit belongs to the user making the request.

Recommendations For DW Question & Answer Pro WordPress plugin versions 1.3.4 and earlier, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to comment editing functionality until a patch is available.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2021-24800

Affected Products

Dw Question & Answer Pro

PT-2022-9466 · WordPress · Dw Question & Answer Pro

CVE-2021-24800

Weakness Enumeration

Related Identifiers

Affected Products

References · 4