Delete All Comments Easily <= 1.3 - CSRF Leading to All Comments Deletion



Description
The plugin lacks Cross-Site Request Forgery (CSRF) checks, which could allow an unauthenticated attacker to make a logged-in admin delete all comments from the blog.

Affects Plugin

no known fix - plugin closed

References

URL https://medium.com/@hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Hoan Hp
Views 500
Verified No
WPVDB ID 10279

Timeline

Publicly Published 2020-06-16
Added 2020-06-22
Last Updated 2020-06-23
