4 matches found
CVE-2022-1709
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack...
WordPress plugin Throws SPAM Away 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Throws SPAM Away plugin versions prior to 3.3.1 are vulnerable to cross-site request forger...
CVE-2022-1709
The CVE-2022-1709 entry concerns the WordPress Throws SPAM Away plugin (versions before 3.3.1). The connected sources confirm a CSRF vulnerability in comment deletion (all/spam/pending) that can cause a logged-in administrator to delete comments via CSRF. Affected component: the plugin’s delete-c...
WordPress Throws SPAM Away plugin <= 3.3 - Comment Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Comment Deletion via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Throws SPAM Away plugin versions = 3.3. Solution Update the WordPress Throws SPAM Away plugin to the latest available version at least 3.3.1...