vulnerability

WordPress Plugin: throws-spam-away: CVE-2022-1709: Cross-Site Request Forgery (CSRF)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

May 16, 2022

Added

May 15, 2025

Modified

Apr 29, 2026

Description

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack

Solution

throws-spam-away-plugin-cve-2022-1709

References

https://www.cve.org/CVERecord?id=CVE-2022-1709
https://www.wordfence.com/threat-intel/vulnerabilities/id/3ce0fece-a7e5-4d27-a70a-37ab0973c15f?source=api-prod
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-24992
CVE-2022-1709
https://attackerkb.com/topics/CVE-2022-1709
CWE-352
EUVD-EUVD-2022-24992

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report