The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
References
Link | Resource |
---|---|
https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50 | |
https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-11-01 09:15
Updated : 2024-02-28 18:48
NVD link : CVE-2020-36505
Mitre link : CVE-2020-36505
CVE.ORG link : CVE-2020-36505
JSON object : View
Products Affected
delete_all_comments_easily_project
- delete_all_comments_easily
CWE
CWE-352
Cross-Site Request Forgery (CSRF)