15 matches found
CVE-2024-2404
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks...
WordPress Better Comments plugin < 1.5.6 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Nicolo in WordPress Plugin Better Comments versions 1.5.6...
WordPress Better Comments plugin < 1.5.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Nicolo in WordPress Plugin Better Comments versions 1.5.6...
CVE-2024-2404
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2024-2402
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2402 Better Comments < 1.5.6 - Admin+ Stored XSS
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2402 Better Comments < 1.5.6 - Admin+ Stored XSS
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2404
CVE-2024-2404 affects the WordPress plugin Better Comments prior to version 1.5.6. The issue arises because the plugin does not fully sanitise/escape certain settings, enabling stored XSS by low-privilege users (e.g., Subscribers). Reported impact is stored Cross-Site Scripting with low privilege...
WordPress Better Comments Plugin < 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Software Better Comments Type Plugin Vulnerable versions 1.5.6 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2404 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 299c511e920b Credits Nicolo Required...
PT-2024-20238 · WordPress · Better Comments
Name of the Vulnerable Software and Affected Versions: Better Comments WordPress plugin versions prior to 1.5.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...
WordPress Better Comments Plugin < 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Software Better Comments Type Plugin Vulnerable versions 1.5.6 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2402 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ef62708732b4 Credits Nicolo Required privilege...
Better Comments < 1.5.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. From the WordPress menu on the left...
WordPress Better Comments Plugin < 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software Better Comments Type Plugin Vulnerable versions 1.5.4 Fixed in 1.5.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 702ae6a34747 Credits Rafie Muhammad Patchstack Required...
WordPress Better Comments plugin <= 1.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Better Comments plugin versions = 1.3. Solution Update the WordPress Better Comments plugin to the latest available version at least 1.4...
WordPress Better Comments plugin <= 1.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Better Comments plugin versions = 1.3. Solution Update the WordPress Better Comments plugin to the latest available version at least 1.4...