Lucene search

[email protected]CVE-2013-1409

HistoryMar 03, 2014 - 4:55 p.m.

CVE-2013-1409

2014-03-0316:55:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-1409

cross-site scripting

xss

commentluv

wordpress

vulnerability

web script

html

remote attack

admin-ajax.php

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.9%

JSON

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.

Affected configurations

NVD

Node

commentluvcommentluvRange≤2.92.3wordpress

commentluvcommentluvMatch2.7wordpress

commentluvcommentluvMatch2.71wordpress

commentluvcommentluvMatch2.74wordpress

commentluvcommentluvMatch2.76wordpress

commentluvcommentluvMatch2.80wordpress

commentluvcommentluvMatch2.81wordpress

commentluvcommentluvMatch2.81.1wordpress

commentluvcommentluvMatch2.81.2wordpress

commentluvcommentluvMatch2.81.3wordpress

commentluvcommentluvMatch2.81.4wordpress

commentluvcommentluvMatch2.81.5wordpress

commentluvcommentluvMatch2.81.6wordpress

commentluvcommentluvMatch2.81.7wordpress

commentluvcommentluvMatch2.81.8wordpress

commentluvcommentluvMatch2.90.1wordpress

commentluvcommentluvMatch2.90.3wordpress

commentluvcommentluvMatch2.90.5wordpress

commentluvcommentluvMatch2.90.6wordpress

commentluvcommentluvMatch2.90.7wordpress

commentluvcommentluvMatch2.90.8wordpress

commentluvcommentluvMatch2.90.8.1wordpress

commentluvcommentluvMatch2.90.8.2wordpress

commentluvcommentluvMatch2.90.8.3wordpress

commentluvcommentluvMatch2.90.9wordpress

commentluvcommentluvMatch2.90.9.1wordpress

commentluvcommentluvMatch2.90.9.2wordpress

commentluvcommentluvMatch2.90.9.3wordpress

commentluvcommentluvMatch2.90.9.4wordpress

commentluvcommentluvMatch2.90.9.5wordpress

commentluvcommentluvMatch2.90.9.6wordpress

commentluvcommentluvMatch2.90.9.7wordpress

commentluvcommentluvMatch2.90.9.8wordpress

commentluvcommentluvMatch2.90.9.9wordpress

commentluvcommentluvMatch2.90.9.9.1wordpress

commentluvcommentluvMatch2.90.9.9.2wordpress

commentluvcommentluvMatch2.90.9.9.3wordpress

commentluvcommentluvMatch2.91wordpress

commentluvcommentluvMatch2.91.1wordpress

commentluvcommentluvMatch2.92wordpress

commentluvcommentluvMatch2.92.1wordpress

commentluvcommentluvMatch2.92.2wordpress

commentluvcommentluvMatch2.761wordpress

commentluvcommentluvMatch2.762wordpress

commentluvcommentluvMatch2.763wordpress

commentluvcommentluvMatch2.764wordpress

commentluvcommentluvMatch2.765wordpress

commentluvcommentluvMatch2.766wordpress

commentluvcommentluvMatch2.767wordpress

commentluvcommentluvMatch2.768wordpress

commentluvcommentluvMatch2.769wordpress

commentluvcommentluvMatch2.7691wordpress

AND

wordpresswordpressMatch-

CPENameOperatorVersion
commentluv:commentluvcommentluvle2.92.3
commentluv:commentluvcommentluveq2.7
commentluv:commentluvcommentluveq2.71
commentluv:commentluvcommentluveq2.74
commentluv:commentluvcommentluveq2.76
commentluv:commentluvcommentluveq2.80
commentluv:commentluvcommentluveq2.81
commentluv:commentluvcommentluveq2.81.1
commentluv:commentluvcommentluveq2.81.2
commentluv:commentluvcommentluveq2.81.3

CPE	Name	Operator	Version
commentluv:commentluv	commentluv	le	2.92.3
commentluv:commentluv	commentluv	eq	2.7
commentluv:commentluv	commentluv	eq	2.71
commentluv:commentluv	commentluv	eq	2.74
commentluv:commentluv	commentluv	eq	2.76
commentluv:commentluv	commentluv	eq	2.80
commentluv:commentluv	commentluv	eq	2.81
commentluv:commentluv	commentluv	eq	2.81.1
commentluv:commentluv	commentluv	eq	2.81.2
commentluv:commentluv	commentluv	eq	2.81.3