mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
80 lines
2.1 KiB
JSON
80 lines
2.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2021-24725",
|
|
"ASSIGNER": "contact@wpscan.com",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF"
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"generator": "WPScan CVE Generator",
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Unknown",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Comment Link Remove and Other Comment Tools",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "2.1.6",
|
|
"version_value": "2.1.6"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments"
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f",
|
|
"name": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225",
|
|
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
|
|
"lang": "eng"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Martin Vierula of Trustwave"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |