CVE-2021-24379

{"id": "CVE-2021-24379", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-06-21T20:15:09.257", "references": [{"url": "https://wpscan.com/vulnerability/aae7a889-195c-45a3-bbe4-e6d4cd2d7fd9", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side"}, {"lang": "es", "value": "El plugin Comments Like Dislike de WordPress versiones anteriores a 1.1.4, permite a usuarios dar me gusta/no me gusta a los comentarios publicados, sin embargo no previene que se repita la petici\u00f3n AJAX para a\u00f1adir un like. Esto permite a cualquier usuario (incluso no autentificado) a\u00f1adir un like/dislike ilimitado a cualquier comentario. El plugin parece tener algunos modos de restricci\u00f3n, como la Restricci\u00f3n de Cookies, restricciones de IP, Restricci\u00f3n de Usuarios Registrados, sin embargo, no previenen este ataque ya que s\u00f3lo comprueban el lado del cliente"}], "lastModified": "2021-09-20T17:11:38.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wphappycoders:comments_like_dislike:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E413D7A1-1C54-4B8D-BEA9-93DE9D5D2E3E", "versionEndExcluding": "1.1.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}