WordPress · Delete All Comments Easily · CVE-2020-36505
Name of the Vulnerable Software and Affected Versions:
Delete All Comments Easily WordPress plugin versions 1.3 and earlier
Description:
The issue is related to a lack of Cross-Site Request Forgery (CSRF) checks in the plugin. This could allow an unauthenticated attacker to make a logged-in admin delete all comments from the blog.
Recommendations:
For Delete All Comments Easily WordPress plugin versions 1.3 and earlier, update to a version that includes CSRF checks to prevent unauthorized actions.