3862 matches found
PT-2025-47507
Name of the Vulnerable Software and Affected Versions Rallly versions prior to 4.5.4 Description An authorization flaw exists in the comment deletion functionality of Rallly, an open-source scheduling and collaboration tool. Authenticated users can delete comments belonging to other users,...
EUVD-2025-198083
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-9501
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...
WordPress Plugin Comment Edit Core - Simple Comment Editing Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...
CVE-2025-63693
CVE-2025-63693 affects DzzOffice 2.3.x. The vulnerability resides in the comment editing template (dzz/comment/template/edit_form.htm), which does not adequately escape user-controllable data across HTML and JavaScript contexts. This can allow low-privilege attackers to craft comment content or r...
DzzOffice 安全漏洞
DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version 2.3.x. The vulnerability stems from a comment...
PT-2025-47383
Name of the Vulnerable Software and Affected Versions DzzOffice versions 2.3.x Description The comment editing template in DzzOffice does not properly sanitize user-supplied data when handling HTML and JavaScript strings. This allows a low-privilege attacker to inject and execute arbitrary...
CVE-2025-63693
The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...
CVE-2025-12681
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...
EUVD-2025-158263
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...
CVE-2025-12681
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...
CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...
CVE-2025-12681
CVE-2025-12681 affects the WordPress plugin Comment Edit Core – Simple Comment Editing, up to version 3.1.0. The root cause is an unauthenticated exposure via the ajax_get_comment function, allowing any visitor to access sensitive data such as user IDs, IP addresses, and email addresses. Wordfenc...
CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...
PT-2025-53379
Name of the Vulnerable Software and Affected Versions ONLYOFFICE Docs versions prior to 9.2.1 Description The software contains a flaw that allows for Cross-Site Scripting XSS within the textarea of the comment editing form. This issue is related to the DocumentServer component. Recommendations...
WordPress plugin Comment Edit Core – Simple Comment Editing 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...
PT-2025-46785
The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax get comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, I...
WordPress Comment Edit Core – Simple Comment Editing plugin <= 3.1.0 - Unauthenticated Sensitive Information Exposure vulnerability
Unauthenticated Sensitive Information Exposure vulnerability discovered by Powpy in WordPress Plugin Comment Edit Core – Simple Comment Editing versions = 3.1.0...