102 matches found
EUVD-2014-2585
Malware in sbrugna...
EUVD-2014-4494
Malware in sbrugna...
EUVD-2022-4374
Malicious code in bioql PyPI...
EUVD-2025-30464
Malicious code in bioql PyPI...
EUVD-2021-34254
Malicious code in bioql PyPI...
EUVD-2022-2766
Malicious code in bioql PyPI...
EUVD-2022-2439
Malicious code in bioql PyPI...
WordPress plugin Google+ Comments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...
CVE-2023-46311
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...
CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
CVE-2020-13870
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
CVE-2020-13869
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name...
CVE-2020-13868
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...
CVE-2025-4189
The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...
CVE-2025-4189
The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...
CVE-2025-4189
CVE-2025-4189 refers to the Audio Comments Plugin for WordPress, with a CSRF to Stored XSS risk affecting all versions up to 1.0.4. The root cause is missing or incorrect nonce validation on the audio-comments/audior-settings.php page, enabling unauthenticated attackers to induce settings changes...
CVE-2025-4189 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...
PT-2025-21771 · Unknown · Audio Comments Plugin
Name of the Vulnerable Software and Affected Versions: Audio Comments Plugin versions up to, and including, 1.0.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This allows...
CVE-2024-12874
The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12874
The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...