9 matches found
EUVD-2026-24698
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041 Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041
Vulnerability overview: CVE-2026-6041 affects the WordPress plugin Buzz Comments (versions up to 0.9.4). The issue is a Stored Cross-Site Scripting (Stored XSS) via the Custom Buzz Avatar setting (buzz_comments_avatar_image) caused by insufficient input sanitization and output escaping. Impact an...
CVE-2026-6041
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041 Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
WordPress plugin Buzz Comments 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-34305
Name of the Vulnerable Software and Affected Versions Buzz Comments versions prior to 0.9.5 Description Insufficient input sanitization and output escaping in the 'Custom Buzz Avatar' setting, specifically the buzz comments avatar image variable, allows authenticated attackers with...
WordPress Buzz Comments plugin <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Buzz Comments versions = 0.9.4...