1. Home
  2. CVE Database
  3. CVE-2021-24379
MEDIUM · 5.3

CVE-2021-24379

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user ...

Vulnerability Description

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
WphappycodersComments Like Dislike< 1.1.4

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2021-24379?

CVE-2021-24379 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user ...

How severe is CVE-2021-24379?

CVE-2021-24379 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24379?

Check the references section above for vendor advisories and patch information. Affected products include: Wphappycoders Comments Like Dislike.