8 matches found
CVE-2026-6041
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
EUVD-2026-24698
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041 Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
CVE-2026-6041
Vulnerability overview: CVE-2026-6041 affects the WordPress plugin Buzz Comments (versions up to 0.9.4). The issue is a Stored Cross-Site Scripting (Stored XSS) via the Custom Buzz Avatar setting (buzz_comments_avatar_image) caused by insufficient input sanitization and output escaping. Impact an...
CVE-2026-6041 Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting
The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' buzzcommentsavatarimage setting in all versions up to, and including, 0.9.4. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
PT-2026-34305
Name of the Vulnerable Software and Affected Versions Buzz Comments versions prior to 0.9.5 Description Insufficient input sanitization and output escaping in the 'Custom Buzz Avatar' setting, specifically the buzz comments avatar image variable, allows authenticated attackers with...