Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.5 views

CVE-2022-1709

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments either all, spam, or pending, allowing attackers to make a logged in admin delete comments via a CSRF attack...

4.3CVSS5.8AI score0.00412EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.14 views

WordPress plugin Throws SPAM Away 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Throws SPAM Away plugin versions prior to 3.3.1 are vulnerable to cross-site request forger...

4.3CVSS5.5AI score0.00412EPSS
Exploits2References2
CVE
CVE
added 2022/06/06 8:51 a.m.66 views

CVE-2022-1709

The CVE-2022-1709 entry concerns the WordPress Throws SPAM Away plugin (versions before 3.3.1). The connected sources confirm a CSRF vulnerability in comment deletion (all/spam/pending) that can cause a logged-in administrator to delete comments via CSRF. Affected component: the plugin’s delete-c...

4.3CVSS4.4AI score0.00412EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/05/16 12:0 a.m.19 views

WordPress Throws SPAM Away plugin <= 3.3 - Comment Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Comment Deletion via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Throws SPAM Away plugin versions = 3.3. Solution Update the WordPress Throws SPAM Away plugin to the latest available version at least 3.3.1...

4.3CVSS4.8AI score0.00412EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder