Vulnerability Description
The Delete All Comments Easily WordPress plugin through 1.3 lacks Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged-in admin delete all comments from the blog.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Delete All Comments Easily Project | Delete All Comments Easily | <= 1.3 |
Related Weaknesses (CWE)
References
- https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d
- https://wpscan.com/vulnerability/239f8efa-8fa4-4274-904f-708e65083821 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-36505?
CVE-2020-36505 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all c...
How severe is CVE-2020-36505?
CVE-2020-36505 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36505?
Check the references section above for vendor advisories and patch information. Affected products include: Delete All Comments Easily Project Delete All Comments Easily.