Vulnerability Details CVE-2020-36505
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50
- https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821
- https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50
- https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821
Products affected by CVE-2020-36505
-
cpe:2.3:a:delete_all_comments_easily_project:delete_all_comments_easily:-
-
cpe:2.3:a:delete_all_comments_easily_project:delete_all_comments_easily:1.3