The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected