What the vulnerability does
01Description
Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: through 1.1.1.
Explanation of Vulnerability in Simple Terms
The Delete All Posts plugin for WordPress contains a missing authorization flaw that allows unauthenticated attackers to modify or delete site content. An attacker can send a network request without credentials to trigger the vulnerable function. This affects all versions up to 1.1.1. Site administrators should update immediately to prevent unauthorized content destruction.
What an attacker can do
Delete or modify posts on the site without logging in.
Potential impact on your site
Attackers can destroy or alter published content without any credentials.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities