CVE-2022-1709

Name of the Vulnerable Software and Affected Versions Throws SPAM Away WordPress plugin versions prior to 3.3.1

Description The issue concerns a lack of CSRF checks when deleting comments, which can be either all, spam, or pending. This allows attackers to trick a logged-in admin into deleting comments via a CSRF attack.

Recommendations For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to comment deletion functionality to minimize the risk of exploitation.