Unrated severityNVD Advisory· Published Jun 21, 2021· Updated Aug 3, 2024
Comments Like Dislike < 1.1.4 - Add Like/Dislike Bypass
CVE-2021-24379
Description
The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user (even unauthenticated) to add unlimited like/dislike to any comment. The plugin appears to have some Restriction modes, such as Cookie Restriction, IP Restrictions, Logged In User Restriction, however, they do not prevent such attack as they only check client side
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Comments Like Dislikedescription
- Range: <1.1.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/aae7a889-195c-45a3-bbe4-e6d4cd2d7fd9mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.