CVE-2020-36505: 
WordPress vulnerability analysis and mitigation

The Delete All Comments Easily WordPress plugin through version 1.3 contains a Cross-Site Request Forgery (CSRF) vulnerability. This security flaw was discovered in June 2020 and assigned CVE-2020-36505. The vulnerability affects all versions of the plugin up to and including version 1.3, which has over 20,000 active installations worldwide (WPScan).

The vulnerability stems from the plugin's lack of CSRF protection checks in its main functionality. Specifically, the plugin fails to implement WordPress core's wpverifynonce() function, which is designed to prevent CSRF attacks. This oversight in the plugin's code makes it susceptible to cross-site request forgery attacks (Medium Blog). The vulnerability has been assigned a CVSS score of 4.3 (Medium) (WPScan).

If exploited, this vulnerability could allow an unauthenticated attacker to trick a logged-in administrator into deleting all comments from the WordPress blog without their knowledge or consent. This could result in significant data loss and disruption to the website's user engagement (WPScan).

As of the latest available information, there is no known fix for this vulnerability. Website administrators using this plugin should consider implementing additional security measures or switching to alternative comment management solutions (WPScan).