13 matches found
PT-2026-25142
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...
CVE-2025-70141
SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...
CVE-2026-2112
The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...
CVE-2026-2112
CVE-2026-2112 (Dam Spam WordPress plugin) : The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0.8 due to missing nonce verification on the pending comment deletion action in the cleanup page. This allows unauthenticated attackers to delete all p...
CVE-2026-1036
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...
EUVD-2016-4167
Malware in sbrugna...
EUVD-2005-2169
Malware in sbrugna...
CVE-2023-28876
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...
Improper access control
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...
CVE-2020-36505
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged-in admin delete all comments from the blog...
Cross-Site Request Forgery (CSRF) in microweber/microweber
Description: Hello Microweber team, I found a CSRF on deleting the comments: //PoC.html history.pushState'', '', '/' After you run this PoC.html you can see that the comment with id 1 will be deleted...
CVE-2017-1000432
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access...
GeoBlog MOD_1.0 - deleteblog.php?id Arbitrary Blog Deletion
GeoBlog MOD_1.0 - deleteblog.php?id Arbitrary Blog Deletion. Source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit thes...