cleantalk
Vulnerabilities and Security Researches

Comments – wpDiscuz, CVE-2021-24806

CVE, Research URL

CVE-2021-24806

Home page URL

Security reports for Comments – wpDiscuz

Application

Comments – wpDiscuz

Published on
Nov 08, 2021
Research Description
The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.
Affected versions
Min -, max 7.3.4.
Status
vulnerable
Previous vulnerability researches
Comments – wpDiscuz (CVE-2025-59591) , Oct 10, 2025
Comments – wpDiscuz (CVE-2023-46309) , Jun 10, 2024
Comments – wpDiscuz (CVE-2023-45760) , Jun 10, 2024
Comments – wpDiscuz (CVE-2024-35681) , Jun 09, 2024
Comments – wpDiscuz (CVE-2024-9488) , Oct 27, 2024
New vulnerability
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025
Advanced Settings (CVE-2025-58996) , Oct 12, 2025
FancyTabs (CVE-2025-8560) , Oct 12, 2025