
48 matches found

OSV
added 2023/10/18 8:15 a.m., 1 views

CVE-2023-45008

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions...

4.8 CVSS, 7.3 AI score
Exploits: 0, References: 1
Vulnrichment
added 2023/10/18 7:53 a.m., 14 views

CVE-2023-45008 WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions...

5.9 CVSS, 5.6 AI score, 0.00316 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/10/18 7:53 a.m., 36 views

CVE-2023-45008 WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <= 1.0.3 versions...

5.9 CVSS, 5.5 AI score, 0.00316 EPSS
Exploits: 0, References: 1
CVE
added 2023/10/18 7:53 a.m., 47 views

CVE-2023-45008

CVE-2023-45008 affects the WPJohnny Comment Reply Email plugin for WordPress (versions ≤ 1.0.3). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) flaw arising from insufficient input validation/escaping in the plugin, enabling an admin or higher-privileged user to ...

5.9 CVSS, 5.1 AI score, 0.00316 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2023/10/18 12:0 a.m., 2 views

WordPress Plugin Comment Reply Email Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

5.9 CVSS, 6 AI score, 0.00316 EPSS
Exploits: 0, References: 2
Patchstack
added 2023/10/03 12:0 a.m., 14 views

WordPress Comment Reply Email Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Comment Reply Email; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: 1.0.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45008; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: fa87fe52845c; Credits: Yebin Lee; Required privilege...

5.9 CVSS, 6.5 AI score, 0.00316 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2023/07/11 8:15 a.m., 1 views

CVE-2023-25051

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions...

8.8 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits: 0, References: 1
NVD
added 2023/07/11 8:15 a.m., 7 views

CVE-2023-25051

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions...

8.8 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits: 0, References: 1
Prion
added 2023/07/11 8:15 a.m., 16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions...

6.8 CVSS, 8.7 AI score, 0.00253 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/07/11 7:19 a.m., 10 views

CVE-2023-25051 WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions...

4.3 CVSS, 7.1 AI score, 0.00253 EPSS
Exploits: 0, References: 1
CVE
added 2023/07/11 7:19 a.m., 41 views

CVE-2023-25051

CVE-2023-25051 is a CSRF vulnerability in the Denishua Comment Reply Notification plugin for WordPress (<= 1.4). The NVD entry lists CVSSv3.1 base score 8.8 (HIGH) with network attack vector, no privileges, user interaction required, and impact to confidentiality, integrity, and availability. ...

8.8 CVSS, 6.5 AI score, 0.00253 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2023/07/11 12:0 a.m., 3 views

WordPress Plugin Comment Reply Notification Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8 CVSS, 8.2 AI score, 0.00253 EPSS
Exploits: 0, References: 2
Patchstack
added 2023/04/04 12:0 a.m., 13 views

WordPress Comment Reply Notification Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Comment Reply Notification; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25051; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: fac19e90ec15; Credits: Mika; Require...

8.8 CVSS, 6.6 AI score, 0.00253 EPSS
Exploits: 0, References: 1, Affected Software: 1
Github Security Blog
added 2022/05/14 3:35 a.m., 29 views

Drupal Comment reply form allows access to restricted content

In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the...

8.1 CVSS, 6.3 AI score, 0.0123 EPSS
Exploits: 1, References: 5, Affected Software: 2
OSV
added 2022/02/21 11:15 a.m., 2 views

CVE-2022-0279

The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users...

3.1 CVSS, 5.8 AI score, 0.00487 EPSS
Exploits: 2, References: 1
CNNVD
added 2021/10/25 12:0 a.m., 1 views

WordPress plugin jQuery Reply to Comment Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1 CVSS, 5.9 AI score, 0.00399 EPSS
Exploits: 2, References: 2
OSV
added 2019/07/18 4:15 p.m., 1 views

CVE-2019-13950

index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...

5.4 CVSS, 5.8 AI score, 0.00702 EPSS
Exploits: 1, References: 2
Prion
added 2019/03/14 9:29 a.m., 7 views

Cross site scripting

In Blogmini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails function, related to app/templates/articlecomments.html...

4.3 CVSS, 5.9 AI score, 0.00865 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2019/03/14 9:29 a.m., 16 views

CVE-2019-9765

In Blogmini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails function, related to app/templates/articlecomments.html...

6.1 CVSS, 6 AI score, 0.00865 EPSS
Exploits: 1, References: 1
OSV
added 2019/03/14 9:29 a.m., 12 views

CVE-2019-9765

In Blogmini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails function, related to app/templates/articlecomments.html...

6.1 CVSS, 5.9 AI score
Exploits: 0, References: 1