Unauthenticated User Can Edit Any Comment in DW Question & Answer Pro WordPress Plugin
CVE-2021-24800 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
Learn more about our Wordpress Pen Testing.