Unauthenticated Attackers Can Delete All Comments in WordPress Blog via Delete All Comments Easily Plugin

CVE-2020-36505 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

The Delete All Comments Easily WordPress plugin through 1.3 lacks Cross-Site Request Forgery (CSRF) checks, which could allow an unauthenticated attacker to make a logged-in admin delete all comments from the blog.
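The missing check, shown as an added example (not the plugin's code): a hypothetical WordPress admin handler for a delete-all-comments action that requires POST, a valid nonce and the right capability before touching the database. The `ecp_` names, page slug and SQL statements are assumptions made for illustration; the WordPress functions are core APIs.

```php
<?php
/**
 * Plugin Name: Example Comment Purge (hypothetical, for illustration)
 */

// Hypothetical action and nonce field names used only in this example.
const ECP_ACTION = 'ecp_delete_all_comments';
const ECP_NONCE  = 'ecp_nonce';

add_action('admin_menu', function () {
    add_management_page('Purge Comments', 'Purge Comments',
        'moderate_comments', 'ecp-purge', 'ecp_render_page');
});

function ecp_render_page() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr(ECP_ACTION); ?>">
        <?php wp_nonce_field(ECP_ACTION, ECP_NONCE); // token bound to user, session and action ?>
        <?php submit_button('Delete all comments', 'delete'); ?>
    </form>
    <?php
}

// admin_post_{action} only fires for logged-in users; that alone does not stop
// CSRF, because the admin's browser sends the session cookie on forged requests.
add_action('admin_post_' . ECP_ACTION, function () {
    // Destructive actions must not be reachable through a GET link or image tag.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        wp_die('Method not allowed', '', array('response' => 405));
    }
    // CSRF check: terminates the request if the nonce is missing or invalid.
    check_admin_referer(ECP_ACTION, ECP_NONCE);
    // Authorization check, separate from the nonce.
    if (!current_user_can('moderate_comments')) {
        wp_die('Forbidden', '', array('response' => 403));
    }
    global $wpdb;
    $wpdb->query("DELETE FROM {$wpdb->commentmeta}");
    $wpdb->query("DELETE FROM {$wpdb->comments}");
    $wpdb->query("UPDATE {$wpdb->posts} SET comment_count = 0");
    wp_safe_redirect(admin_url('tools.php?page=ecp-purge&purged=1'));
    exit;
});
```

When reviewing a plugin for this class of bug, look for handlers that change state after only an `is_admin()` or login check, with no `check_admin_referer()` or `wp_verify_nonce()` call on the request path.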
