
Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF

Description

The plugin does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged-in admin delete comments via a CSRF attack.

PoC

To delete all comments


Affected Software


CPE Name Name Version
throws-spam-away 3.3.1
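
The missing check from the description, shown as an added example of a comment-deletion handler that verifies a nonce and the user's capability before acting. This is not the plugin's code or its actual fix; the action name, nonce field, `scope` parameter and function names are hypothetical.

```php
<?php
// Added example with hypothetical names; not taken from Throws SPAM Away.
const EXAMPLE_ACTION = 'example_bulk_delete_comments';

// Settings-page form: the nonce ties the request to this action and this user's session.
function example_render_delete_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_ACTION, 'example_nonce' ); ?>
        <select name="scope">
            <option value="spam">Spam</option>
            <option value="hold">Pending</option>
            <option value="all">All</option>
        </select>
        <?php submit_button( 'Delete comments', 'delete' ); ?>
    </form>
    <?php
}

function example_handle_delete() {
    // Destructive actions are accepted over POST only.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    // Authorization: a valid nonce does not prove the user may moderate comments.
    if ( ! current_user_can( 'moderate_comments' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops the request if the nonce is missing or invalid.
    check_admin_referer( EXAMPLE_ACTION, 'example_nonce' );

    // Allow-list the scope instead of passing request data straight to the query.
    $scope = isset( $_POST['scope'] ) ? sanitize_key( wp_unslash( $_POST['scope'] ) ) : '';
    if ( ! in_array( $scope, array( 'spam', 'hold', 'all' ), true ) ) {
        wp_die( 'Invalid scope', '', array( 'response' => 400 ) );
    }

    // In WP_Comment_Query, 'all' selects approved and pending comments.
    $ids = get_comments( array( 'status' => $scope, 'fields' => 'ids' ) );
    foreach ( $ids as $id ) {
        wp_delete_comment( $id, true ); // true = delete permanently, skip trash
    }

    wp_safe_redirect( admin_url( 'edit-comments.php' ) );
    exit;
}
// admin_post_{action} fires only for logged-in users; no nopriv hook is registered.
add_action( 'admin_post_' . EXAMPLE_ACTION, 'example_handle_delete' );
```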
