Support » Plugin: Delete All Comments » DO NOT USE

  • Sadly I can’t endorse this plugin. I work for a UK based host that actively tracks compromises on customer based sites and the number of compromises that relate to this plugin is steadily growing. It’s entirely exploitable, allowing (people who know what they’re doing) the ability to upload unverified files that could do pretty much anything within reason. I’ve had an instance recently where a file was uploaded via a POST request to the plugins main file (delete-all-comments.php), and that’s then injected a user into the DB, allowing someone to login to the relevant admin area.

    Until this has been verified fixed, or at least updated in some manner – do yourself a favour and stay the hell away.

  • The topic ‘DO NOT USE’ is closed to new replies.