Lucene search
K

79 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-15453

Malicious code in bioql PyPI...

3.5CVSS4.2AI score0.00487EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/07/12 3:36 p.m.4 views

WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin AnyComment versions = 0.3.6...

7.5CVSS7AI score0.0042EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:26 p.m.6 views

CVE-2022-0279

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

3.5CVSS6.5AI score0.00487EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.8 views

CVE-2021-24838

The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...

6.1CVSS6.7AI score0.02208EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.5 views

CVE-2018-21001

The anycomment plugin before 0.0.33 for WordPress has XSS...

6.1CVSS7.1AI score0.00905EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/12/20 12:0 a.m.9 views

The vulnerability of the comments system on the Anycomment.io website lies in the lack of protection for the web page structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the comments system for the Anycomment.io website is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

8.6CVSS5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.7 views

WordPress AnyComment Plugin <= 0.0.98 is vulnerable to Cross Site Scripting (XSS)

Software AnyComment Type Plugin Vulnerable versions = 0.0.98 Fixed in 0.0.99 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1f6e48daf8e4 Credits Rafie Muhammad Patchstack Required...

5.9AI score0.00284EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/02/23 12:0 a.m.16 views

Wordpress AnyComment competition condition issue vulnerability

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. wordpress AnyComment is vulnerable to a competitive condition issue, which can be exploited by...

3.5CVSS3.1AI score0.00487EPSS
Exploits2References1
CNVD
CNVD
added 2022/02/23 12:0 a.m.12 views

WordPress Cross-Site Request Forgery Vulnerability (CNVD-2022-25195)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the AnyComment plugin for WordPress, versions...

8.8CVSS6.3AI score0.00635EPSS
Exploits2References1
OSV
OSV
added 2022/02/21 11:15 a.m.4 views

CVE-2022-0279

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

3.1CVSS5.8AI score0.00487EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/02/21 11:15 a.m.7 views

CVE-2022-0134

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...

8.8CVSS7.8AI score0.00635EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/02/21 11:15 a.m.6 views

CVE-2022-0279

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

3.5CVSS5.4AI score0.00487EPSS
Exploits2References2
OSV
OSV
added 2022/02/21 11:15 a.m.3 views

CVE-2022-0134

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...

8.8CVSS7.3AI score0.00635EPSS
Exploits2References1
NVD
NVD
added 2022/02/21 11:15 a.m.21 views

CVE-2022-0279

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

3.5CVSS0.00487EPSS
Exploits2References1
Prion
Prion
added 2022/02/21 11:15 a.m.14 views

Cross site request forgery (csrf)

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...

6.8CVSS8.5AI score0.00635EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/02/21 11:15 a.m.14 views

Race condition

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

3.5CVSS4AI score0.00487EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/02/21 10:46 a.m.94 views

CVE-2022-0279

The CVE-2022-0279 issue affects the WordPress AnyComment plugin prior to version 0.2.18. A race condition in the like/dislike flow for comments/replies allows any authenticated user to rapidly alter ratings of themselves or other users. Affected component: AnyComment WordPress plugin (versions

3.5CVSS3.6AI score0.00487EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/21 10:46 a.m.27 views

CVE-2022-0279 AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

4.1AI score0.00487EPSS
Exploits2References1
CVE
CVE
added 2022/02/21 10:45 a.m.107 views

CVE-2022-0134

CVE-2022-0134 affects the AnyComment WordPress plugin

8.8CVSS8.6AI score0.00635EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/21 10:45 a.m.21 views

CVE-2022-0134 AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack...

8.8AI score0.00635EPSS
Exploits2References1
Rows per page
Query Builder