79 matches found
EUVD-2022-15453
Malicious code in bioql PyPI...
WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin AnyComment versions = 0.3.6...
CVE-2022-0279
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...
CVE-2021-24838
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...
CVE-2018-21001
The anycomment plugin before 0.0.33 for WordPress has XSS...
The vulnerability of the comments system on the Anycomment.io website lies in the lack of protection for the web page structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the comments system for the Anycomment.io website is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...
WordPress AnyComment Plugin <= 0.0.98 is vulnerable to Cross Site Scripting (XSS)
Software AnyComment Type Plugin Vulnerable versions = 0.0.98 Fixed in 0.0.99 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1f6e48daf8e4 Credits Rafie Muhammad Patchstack Required...
Wordpress AnyComment competition condition issue vulnerability
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. wordpress AnyComment is vulnerable to a competitive condition issue, which can be exploited by...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2022-25195)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the AnyComment plugin for WordPress, versions...
CVE-2022-0279
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...
CVE-2022-0134
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...
CVE-2022-0279
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...
CVE-2022-0134
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...
CVE-2022-0279
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...
Cross site request forgery (csrf)
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...
Race condition
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...
CVE-2022-0279
The CVE-2022-0279 issue affects the WordPress AnyComment plugin prior to version 0.2.18. A race condition in the like/dislike flow for comments/replies allows any authenticated user to rapidly alter ratings of themselves or other users. Affected component: AnyComment WordPress plugin (versions
CVE-2022-0279 AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...
CVE-2022-0134
CVE-2022-0134 affects the AnyComment WordPress plugin
CVE-2022-0134 AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...