CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36505 – Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF
https://notcve.org/view.php?id=CVE-2020-36505
16 Jun 2020 — The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog. El plugin Delete All Comments Easily de WordPress versiones hasta 1.3, carece de comprobaciones de tipo Cross-Site Request Forgery (CSRF), lo que podría resultar en que un atacante no autenticado hiciera que un administrador conectado borrara todos los comentarios del blog • https://medium.com/%40hoanhp/0-day-story-2-delete-all-comments-easily-a854e52a7d50 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2016-15033 – Delete All Comments <= 2.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-15033
10 Dec 2016 — The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • http://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin • CWE-434: Unrestricted Upload of File with Dangerous Type •