CVE-2021-24805

Name of the Vulnerable Software and Affected Versions DW Question & Answer Pro WordPress plugin versions 1.3.4 and earlier

Description The issue allows attackers to make logged-in users perform unwanted actions due to insufficient CSRF checks in some functions. This can lead to updates of comment or question status without the user's intent.

Recommendations For DW Question & Answer Pro WordPress plugin versions 1.3.4 and earlier, consider disabling the functions that do not properly check for CSRF until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.