Show all comments < 7.0.1 - Cross-Site Scripting

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. id: CVE-2022-4295 info: name: Show all commen...

EUVD-2025-13770

Malicious code in bioql PyPI...

CVE-2025-47607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AppJetty Show All Comments show-all-comments-in-one-page allows Stored XSS.This issue affects Show All Comments: from n/a through = 7.0.1...

CVE-2025-47607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AppJetty Show All Comments show-all-comments-in-one-page allows Stored XSS.This issue affects Show All Comments: from n/a through = 7.0.1...

CVE-2025-47607 WordPress Show All Comments plugin <= 7.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AppJetty Show All Comments show-all-comments-in-one-page allows Stored XSS.This issue affects Show All Comments: from n/a through = 7.0.1...

CVE-2025-47607 WordPress Show All Comments plugin <= 7.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AppJetty Show All Comments show-all-comments-in-one-page allows Stored XSS.This issue affects Show All Comments: from n/a through = 7.0.1...

PT-2025-20179 · Appjetty · Appjetty Show All Comments

Name of the Vulnerable Software and Affected Versions: AppJetty Show All Comments versions n/a through 7.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker...

The vulnerability of the “Show All Comments” plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the “Show All Comments” plugin in the WordPress content management system is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

CVE-2022-4295

The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin...

PT-2023-7912 · WordPress · Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Show All Comments WordPress plugin version prior to 7.0.1 Description: The issue is related to a Reflected Cross-Site Scripting attack, which could be used against logged-in high-privilege users, such as admins. This occurs because the plugin...

WordPress plugin Show All Comments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...