CVE-2021-24725

{"id": "CVE-2021-24725", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-09-13T18:15:18.403", "references": [{"url": "https://wpscan.com/vulnerability/01483284-57f5-4ae9-b5f1-ae26b623571f", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments"}, {"lang": "es", "value": "El plugin Comment Link Remove and Other Comment Tools de WordPress versiones anteriores a 2.1.6, no presenta una comprobaci\u00f3n de tipo CSRF en su acci\u00f3n \"Delete comments easily\", lo que podr\u00eda permitir a atacantes hacer que el administrador conectado elimine comentarios arbitrarios"}], "lastModified": "2021-09-23T15:22:07.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quantumcloud:comment_link_remove_and_other_comment_tools:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5DBCA4B9-EF43-4AC2-8B17-10458B02F133", "versionEndExcluding": "2.1.6"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}