76 matches found
WordPress AnyComment <0.3.5 - Open Redirect
WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
EUVD-2026-2716
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
PT-2026-3113
Name of the Vulnerable Software and Affected Versions Anycomment version 0.4.4 Description A Cross Site Scripting issue exists in Anycomment. This allows a remote attacker to execute arbitrary code through the Anycomment comment section. Recommendations At the moment, there is no information abou...
AnyComment security vulnerability
AnyComment is an embedded comment system tool developed by the Russian company AnyComment. Version 0.4.4 of AnyComment contains a security vulnerability; this vulnerability arises from the lack of input cleaning in the comment section, which may lead to cross-site scripting attacks...
CVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section...
CVE-2025-67025
CVE-2025-67025: Cross Site Scripting in Anycomment (anycomment.io) version 0.4.4 allows a remote attacker to run arbitrary code via the comment section. Affected product is Anycomment.io; root cause is XSS in the comment handling. Documented impact is execution of arbitrary code; no patch/version...
CVE-2025-62874
Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through = 0.3.6...
CVE-2025-62874
Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through = 0.3.6...
CVE-2025-62874
Technical details for CVE-2025-62874 are not provided in the supplied documents; no specifics on affected versions, root cause, or fixes are included. Monitor for updates from official advisories.
CVE-2025-62874 WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...
CVE-2025-62874 WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through = 0.3.6...
EUVD-2025-205978
Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...
WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rooting in WordPress Plugin AnyComment versions = 0.3.6...
PT-2025-54397
Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6...
WordPress plugin AnyComment 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...