79 matches found
WordPress Race Condition Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. The WordPress AnyComment plugin is vulnerable to a race condition issue, which can be exploited by...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the AnyComment plugin for WordPress, versions...
WordPress AnyComment plugin <= 0.2.17 - Arbitrary HyperComments Import/Revert via CSRF vulnerability
Arbitrary HyperComments Import/Revert via CSRF vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions <= 0.2.17. Solution: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18)...
WordPress AnyComment plugin <= 0.2.17 - Comment Rating Increase/Decrease via Race Condition vulnerability
Comment Rating Increase/Decrease via Race Condition vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions <= 0.2.17. Solution: Update the WordPress AnyComment plugin to the latest available version (at least 0.2.18)...
AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF
The plugin does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack. PoC: Go to https://example.com/wordpress/wp-admin/admin.php?r=import%2Fhypercomments=http://, and you will see a GET request in yo...
CVE-2021-24838
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature...
CVE-2021-24838
CVE-2021-24838 affects the WordPress AnyComment plugin prior to 0.3.5. An API endpoint passes user input via the redirect parameter to wp_redirect() without validation, causing an open redirect. This could allow an attacker to redirect users to a malicious site. Remediation: update to version 0.3...
CVE-2021-24838 AnyComment < 0.3.5 - Open Redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature...
WordPress plugin AnyComment Input Validation Error Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An input validation error vulnerability...
WordPress AnyComment plugin <= 0.3.4 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Brandon Roldan in WordPress AnyComment plugin versions <= 0.3.4. Solution: Update the WordPress AnyComment plugin to the latest available version (at least 0.3.5)...
AnyComment <= 0.3.1 - Open Redirect
The plugin has an API endpoint which passes user input via the redirect parameter to the wp_redirect function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature...
AnyComment <= 0.3.1 - Open Redirect
The plugin has an API endpoint which passes user input via the redirect parameter to the wp_redirect function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature. PoC...
WordPress anycomment plugin cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress anycomment plugin versions prior to 0.0.33. The...
CVE-2018-21001
The anycomment plugin before 0.0.33 for WordPress has XSS...
Cross site scripting
The anycomment plugin before 0.0.33 for WordPress has XSS...
CVE-2018-21001
CVE-2018-21001 affects the WordPress AnyComment plugin prior to 0.0.33. The root cause is insufficient validation of client-side data in the anycomment plugin, enabling cross-site scripting (XSS). Several sources (NVD, Red Hat, CNVD, CVE lists) corroborate an XSS vulnerability with this version c...
Anycomment < 0.0.33 - XSS
The AnyComment WordPress plugin was affected by an XSS security vulnerability...