Search criteria
2 vulnerabilities found for comment_link_remove_and_other_comment_tools by quantumcloud
CVE-2021-24725 (GCVE-0-2021-24725)
Vulnerability from nvd – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
VLAI
Title
Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
Summary
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01483284-57f5-4a… | x_refsource_MISC |
| https://www.trustwave.com/en-us/resources/securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Comment Link Remove and Other Comment Tools |
Affected:
2.1.6 , < 2.1.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Comment Link Remove and Other Comment Tools",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.6",
"status": "affected",
"version": "2.1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its \u0027Delete comments easily\u0027, which could allow attackers to make logged in admin delete arbitrary comments"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:39.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Comment Link Remove and Other Comment Tools \u003c 2.1.6 - Arbitrary Comment Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24725",
"STATE": "PUBLIC",
"TITLE": "Comment Link Remove and Other Comment Tools \u003c 2.1.6 - Arbitrary Comment Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Comment Link Remove and Other Comment Tools",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.6",
"version_value": "2.1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its \u0027Delete comments easily\u0027, which could allow attackers to make logged in admin delete arbitrary comments"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
},
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24725",
"datePublished": "2021-09-13T17:56:39.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24725 (GCVE-0-2021-24725)
Vulnerability from cvelistv5 – Published: 2021-09-13 17:56 – Updated: 2024-08-03 19:42
VLAI
Title
Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
Summary
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01483284-57f5-4a… | x_refsource_MISC |
| https://www.trustwave.com/en-us/resources/securit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Comment Link Remove and Other Comment Tools |
Affected:
2.1.6 , < 2.1.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Comment Link Remove and Other Comment Tools",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.6",
"status": "affected",
"version": "2.1.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Vierula of Trustwave"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its \u0027Delete comments easily\u0027, which could allow attackers to make logged in admin delete arbitrary comments"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T17:56:39.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Comment Link Remove and Other Comment Tools \u003c 2.1.6 - Arbitrary Comment Deletion via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24725",
"STATE": "PUBLIC",
"TITLE": "Comment Link Remove and Other Comment Tools \u003c 2.1.6 - Arbitrary Comment Deletion via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Comment Link Remove and Other Comment Tools",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.6",
"version_value": "2.1.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Martin Vierula of Trustwave"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its \u0027Delete comments easily\u0027, which could allow attackers to make logged in admin delete arbitrary comments"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
},
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24725",
"datePublished": "2021-09-13T17:56:39.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:16.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}