8 matches found
CVE-2025-55737 flaskBlog arbitrary comment delete
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...
WordPress WooCommerce plugin <= 6.2.0 - Arbitrary Comment Deletion vulnerability
Arbitrary Comment Deletion vulnerability discovered in WordPress WooCommerce plugin versions <= 6.2.0. Solution: Update the WordPress WooCommerce plugin to the latest available version (at least 6.2.1)...
WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion
The plugin does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments. Log in as any user with privileges as low as Subscriber...
WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion
The plugin does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments. PoC: Log in as any user with privileges as low as Subscriber...
WordPress wpDiscuz plugin <= 7.3.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Comment Addition/Edition/Deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Comment Addition/Edition/Deletion discovered by Brandon Roldan in WordPress wpDiscuz plugin versions <= 7.3.3. Solution: Update the WordPress wpDiscuz plugin to the latest available version (at least 7.3.4)...
CVE-2021-24725 Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have a CSRF check in its 'Delete comments easily', which could allow attackers to make a logged-in admin delete arbitrary comments...
GeoBlog MOD_1.0 - deletecomment.php?id Arbitrary Comment Deletion
GeoBlog MOD_1.0 - deletecomment.php?id Arbitrary Comment Deletion source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploi...
Multiple vulnerabilities in myBloggie 2.1.1
CODEBUG Labs Advisory 9 Title: Multiple vulnerabilities in myBloggie 2.1.1 Authors: Alberto Trivero & CorryL English Version: Alberto Trivero Product: myBloggie 2.1.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org/ -- Software Page mybloggie.mywebland.com "myBloggie is considered one ...