Unauthenticated User Can Edit Any Comment in DW Question & Answer Pro WordPress Plugin

Unauthenticated User Can Edit Any Comment in DW Question & Answer Pro WordPress Plugin

CVE-2021-24800 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.

Learn more about our Wordpress Pen Testing.