Lucene search

K

John Castro (Pagely)PATCHSTACK:2B4CD1A19D238BAEBC72049472A2FFFE

HistoryOct 07, 2021 - 12:00 a.m.

WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability

2021-10-0700:00:00

John Castro (Pagely)

patchstack.com

5

wordpress

comment engine pro

cross-site scripting

xss

vulnerability

john castro

pagely

EPSS

0.001

Percentile

19.4%

Stored Cross-Site Scripting (XSS) vulnerability discovered by John Castro (Pagely) in WordPress Comment Engine Pro plugin (versions <= 1.0).

Solution

Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. Reason: Security Issue.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36911

wordpress.org/plugins/comment-engine-pro/

EPSS

0.001

Percentile

19.4%

Related for PATCHSTACK:2B4CD1A19D238BAEBC72049472A2FFFE

nvd1 cve1 cvelist1 prion1 wpvulndb1