2 matches found
CVE-2022-1709
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack...
CVE-2022-1709
The CVE-2022-1709 entry concerns the WordPress Throws SPAM Away plugin (versions before 3.3.1). The connected sources confirm a CSRF vulnerability in comment deletion (all/spam/pending) that can cause a logged-in administrator to delete comments via CSRF. Affected component: the plugin’s delete-c...