exploitDog

CVE-2020-36505

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.

Ссылки

https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50
https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821
Exploit
Third Party Advisory
https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50
https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:delete_all_comments_easily_project:delete_all_comments_easily:*:*:*:*:*:wordpress:*:*

Версия до 1.3 (включая)

EPSS

Процентиль: 44%

0.00214

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-cvg2-rcw5-j6vm

github

больше 3 лет назад

The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.

EPSS

Процентиль: 44%

0.00214

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352