Vulnerabilities > CVE-2021-24800 - Authorization Bypass Through User-Controlled Key vulnerability in Designwall DW Question & Answer
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.