Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass
CVE-2021-24379

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Comments Like Dislike
Vendor: CVE Published:; 21 June 2021

Summary

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side

Affected Version(s)

Comments Like Dislike 1.1.4

References

https://wpscan.com/vulnerability/aae7a889-195c-45a3-bbe4-...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Phu Tran from techlabcorp.com