CVE-2022-1779

The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...

Cross site request forgery (csrf)

The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...

CVE-2022-1779

The CVE-2022-1779 vulnerability affects the WordPress plugin Auto Delete Posts up to version 1.3.0. The issue is a missing CSRF check when updating plugin settings, enabling a logged‑in administrator to alter settings via CSRF and trigger deletion of specific posts, categories, and attachments. T...

WordPress Auto Delete Posts plugin <= 1.3.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress Auto Delete Posts plugin versions = 1.3.0. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...