The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50 - | |
References | () https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821 - Exploit, Third Party Advisory |
07 Nov 2023, 03:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-11-01 09:15
Updated : 2024-11-21 05:29
NVD link : CVE-2020-36505
Mitre link : CVE-2020-36505
CVE.ORG link : CVE-2020-36505
JSON object : View
Products Affected
delete_all_comments_easily_project
- delete_all_comments_easily
CWE
CWE-352
Cross-Site Request Forgery (CSRF)