5 matches found
CVE-2022-1709
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (all, spam, or pending), allowing attackers to make a logged-in admin delete comments via a CSRF attack...
CVE-2023-28876
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description: CSRF in deleting comments. Proof of Concept: 1. Logging in using admin/staff account 2. Go to torrent https://unit3d.site/torrents/19comments 3. Access the link https://unit3d.site/comments/delete/5 4. See that the comment is deleted. Impact: This vulnerability is capable of deleting...
Valve: Deleting other people's comments on ModeratorMessages
Due to a missing permissions check, anyone could delete a comment on a community moderator message knowing the unique comment GID and the SteamID of the message receiver. The endpoint has been corrected to verify the correct permissions. You were able to delete other people's comments on moderat...
CVE-2017-5475
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments...