Vulnerabilities > CVE-2021-24379 - Incorrect Authorization vulnerability in Wphappycoders Comments Like Dislike

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

wphappycoders

CWE-863

NVD

Published: 2021-06-21

Updated: 2021-09-20

Summary

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side

Vulnerable Configurations

Part	Description	Count
Application	Wphappycoders Wphappycoders Comments Like Dislike *	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://wpscan.com/vulnerability/aae7a889-195c-45a3-bbe4-e6d4cd2d7fd9