Project: Entity Delete
Security risk: *Critical* 18∕25
Vulnerability: Multiple Vulnerabilities
This module enables you to delete any types of entities in bulk.
The module doesn't sufficiently verify access permissions under its use
cases, leading to access bypass. The module also does not protect against
Cross Site Request Forgeries on its delete process.
The access bypass vulnerability is mitigated by the fact that an attacker
must have a role with the permission "access content". There is no additional
mitigation for the Cross Site Request Forgery vulnerability.
Install the latest version:
* If you use the Entity Delete module for Drupal 8.x, upgrade to Entity Delete 8.x-1.4
Also see the Entity Delete project page.