"There's no evidence that any of these attacks actually occurred."
Just because there is no evidence, that doesn't mean something didn't happen. The vulnerability allows running scripts on back-end system, it wouldn't be too much of a stretch to think that that might include the ability to interact with the logging system or run a basic line editor to delete the specific log entries.