WordPress Plugin Vulnerabilities

Delete All Comments 2.0 - Unauthenticated Arbitrary File Upload

Description

The delete-all-comments WordPress plugin was affected by an Unauthenticated Arbitrary File Upload security vulnerability.

Affects Plugins

Plugin icon
delete-all-comments
No known fix

References

CVE
CVE-2016-15033
URL
http://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin/

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4fd70c87-f432-4d27-ad5d-ef0401f412a8

Timeline

Publicly Published
2016-12-10 (about 9 years ago)
Added
2016-12-11 (about 9 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2025-05-09
Title
StoreKeeper for WooCommerce < 14.4.5 - Unauthenticated Arbitrary File Upload
Published
2023-11-29
Title
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE
Published
2021-09-01
Title
Secure File Manager <= 2.9.3 - Admin+ RCE
Published
2025-06-30
Title
LogisticsHub <= 1.1.6 - Unauthenticated Arbitrary File Upload
Published
2022-01-18
Title
Better Messages < 1.9.9.149 - File Upload via CSRF