33 matches found
WordPress plugin Comment Edit Core – Simple Comment Editing 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...
WordPress Comment Edit Core – Simple Comment Editing plugin <= 3.1.0 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Powpy in WordPress Plugin Comment Edit Core – Simple Comment Editing versions = 3.1.0...
CVE-2025-5071
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'MeowMWAILabsMCP::canaccessmcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2025-24703
Server-Side Request Forgery SSRF vulnerability in Ronald Huereca Comment Edit Core – Simple Comment Editing simple-comment-editing allows Server Side Request Forgery.This issue affects Comment Edit Core – Simple Comment Editing: from n/a through = 3.0.33...
WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability discovered by Marek Mikita in WordPress Plugin Comment Edit Core – Simple Comment Editing versions = 3.0.33...
WordPress plugin Comment Edit Core – Simple Comment Editing 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
PT-2025-5517 · Unknown · Dlx Plugins Comment Edit Core
Name of the Vulnerable Software and Affected Versions: DLX Plugins Comment Edit Core – Simple Comment Editing versions through 3.0.33 Description: A Server-Side Request Forgery SSRF issue affects the software, allowing for Server Side Request Forgery. Recommendations: For versions through 3.0.33,...
DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR
The plugin does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. Vendor was notified via Envato on September 28th, 2021, but did not properly fix the issue and was notified numerous times since. As any authenticated user, post a...
CVE-2020-10504
CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request...
GitLab -- multiple vulnerabilities
GitLab reports: User without access to private Wiki can see it on the project page Matthias Burtscher reported that it was possible for a user to see a private Wiki on the project page without having the corresponding permission. E-mail address disclosure through member search fields Hugo Geoffro...
X (Formerly Twitter): [IDOR][translate.twitter.com] Opportunity to change any comment at the forum
POC: https://translate.twitter.com/forum/getting-started/topics/7037/posts/43287/edit Steps to reproduce: 1 Go to any forums topic for example: https://translate.twitter.com/forum/getting-started/topics/7037 2 View source code of the page and take post id screenshot "idor edit.jpg" 3 Append...
Vimeo: A user can edit comments even after video comments are disabled
A user can escalate privileges and edit his previous comments, when comments are disabled for a video. Steps to verify: 1. Log into vimeo.com as Alice. Upload a video say, video id - 118026546 and allow anyone to leave comments for that video . 2. Login as Bob and navigate to the video URL -...
CVE-2009-4874
TalkBack 2.3.14 does not properly restrict access to the edit comment feature comments.php, which allows remote attackers to modify comments...