102 matches found
CVE-2025-2163 Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-2163 refers to a CSRF to Stored XSS vulnerability in the Zoorum Comments WordPress plugin (versions up to and including 0.9). The issue arises from missing or incorrect nonce validation in zoorum_set_options(), enabling unauthenticated attackers to update plugin settings and inject scrip...
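As an added example (not the Zoorum Comments plugin's own code; the zc_* function names, the 'zc_options' option and the form are hypothetical, the wp_*/check_* calls are WordPress core), the following shows the settings-handler pattern the advisory describes beside its hardened form: a nonce check via check_admin_referer(), a capability check, sanitisation on input, and escaping on output. The nonce is what defeats the CSRF; the sanitise and escape steps are what stop a forged or malicious settings update from turning into stored XSS.

```php
<?php
// Added example, not the Zoorum Comments plugin's code. The zc_* names and the
// 'zc_options' option are hypothetical; the wp_*/check_* calls are WordPress core.

// --- Vulnerable pattern (not hooked in; shown for contrast) ---------------
function zc_save_options_vulnerable() {
    if ( isset( $_POST['zc_options'] ) ) {
        // No nonce: a form on any attacker-controlled site can POST here, and the
        // browser attaches the administrator's session cookies (CSRF).
        // No sanitisation: whatever was posted is persisted verbatim.
        update_option( 'zc_options', wp_unslash( $_POST['zc_options'] ) );
    }
}

function zc_render_vulnerable() {
    // Unescaped output of a stored, attacker-controlled value: stored XSS for
    // every visitor of the page that renders it.
    echo '<div class="zc-header">' . get_option( 'zc_options', '' ) . '</div>';
}

// --- Hardened pattern ----------------------------------------------------
function zc_settings_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'zc_save_options', 'zc_nonce' ); ?>
        <input type="text" name="zc_options"
               value="<?php echo esc_attr( get_option( 'zc_options', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function zc_save_options_hardened() {
    if ( ! isset( $_POST['zc_options'] ) ) {
        return;
    }
    // 1. Nonce check. check_admin_referer() verifies the 'zc_nonce' field against
    //    the 'zc_save_options' action and calls wp_die() if it is missing, wrong
    //    or expired. A cross-site form cannot read a valid nonce, so a forged
    //    request never reaches update_option().
    check_admin_referer( 'zc_save_options', 'zc_nonce' );

    // 2. Capability check. The nonce proves the request came from our own form;
    //    it does not prove the user is allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // 3. Sanitise on input. wp_kses_post() keeps the tag set allowed in posts and
    //    strips <script>, on* event handlers and javascript: URLs, so even a user
    //    without unfiltered_html cannot persist active content.
    $value = wp_kses_post( wp_unslash( $_POST['zc_options'] ) );
    update_option( 'zc_options', $value );
}
add_action( 'admin_init', 'zc_save_options_hardened' );

function zc_render_hardened() {
    // 4. Escape on output as well; input sanitisation alone leaves previously
    //    stored values and other write paths unprotected.
    echo '<div class="zc-header">' . wp_kses_post( get_option( 'zc_options', '' ) ) . '</div>';
}
```

With the nonce in place, a CSRF attempt (an auto-submitting form on another origin that posts zc_options) is rejected before the option is written. Note that "incorrect" nonce validation in the advisory's sense also covers code that calls wp_verify_nonce() but ignores a false return, or checks the nonce on one code path and not another; the check has to gate every write.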
CVE-2025-25156 WordPress Quote Comments plugin <= 3.0.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments (quote-comments) allows Stored XSS. This issue affects Quote Comments: from n/a through 3.0.0...
CVE-2024-8792 Subscribe to Comments <= 2.3 - Reflected Cross-Site Scripting
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
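The add_query_arg() bug class behind CVE-2024-8792, as an added example that is not the Subscribe to Comments plugin's code: the stc_* names, the link and the request URI are hypothetical. Called without a URL argument, add_query_arg() builds on $_SERVER['REQUEST_URI'], which the attacker controls through the link the victim follows, so placing its result in an attribute without esc_url() is a reflected XSS. The guarded definitions at the top are simplified stand-ins for the two core functions so the file also runs under plain `php` outside WordPress.

```php
<?php
// Added example, not the Subscribe to Comments plugin's code. stc_* names are
// hypothetical; add_query_arg() and esc_url() are WordPress core functions.

if ( ! function_exists( 'add_query_arg' ) ) {
    // Simplified stand-ins so the file runs with plain `php` outside WordPress.
    // Core add_query_arg() merges into the existing query string; appending is
    // enough to show where the untrusted data comes from.
    function add_query_arg( array $args ) {
        $base = $_SERVER['REQUEST_URI'];
        $sep  = ( strpos( $base, '?' ) === false ) ? '?' : '&';
        return $base . $sep . http_build_query( $args );
    }
    // Mirrors the core behaviour that matters here: any character outside the
    // URL-safe set (so " < > and a raw space) is removed from the result.
    function esc_url( $url ) {
        $url = str_replace( ' ', '%20', ltrim( $url ) );
        return preg_replace( '|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\x80-\xff]|i', '', $url );
    }
}

// Vulnerable: add_query_arg() with no URL starts from $_SERVER['REQUEST_URI'],
// i.e. from the address the victim was sent to, and the result lands in an
// href attribute unescaped.
function stc_unsubscribe_link_vulnerable( $comment_id ) {
    $url = add_query_arg( array( 'stc_action' => 'unsubscribe', 'cid' => (int) $comment_id ) );
    return '<a href="' . $url . '">Unsubscribe</a>';
}

// Hardened: esc_url() on the assembled URL. The double quote that would close
// the attribute, and the angle brackets, never reach the HTML.
function stc_unsubscribe_link_hardened( $comment_id ) {
    $url = add_query_arg( array( 'stc_action' => 'unsubscribe', 'cid' => (int) $comment_id ) );
    return '<a href="' . esc_url( $url ) . '">Unsubscribe</a>';
}

if ( PHP_SAPI === 'cli' ) {
    // Constructed request URI for illustration: the attacker chooses it, the
    // victim's browser sends it.
    $_SERVER['REQUEST_URI'] = '/?page=stc&x="><script>alert(1)</script>';
    echo stc_unsubscribe_link_vulnerable( 42 ), "\n";
    echo stc_unsubscribe_link_hardened( 42 ), "\n";
}
```

Running this under the CLI prints the vulnerable link with the attribute closed and a script tag inserted, and the hardened link with the quote and angle brackets gone. Inside WordPress the real esc_url() additionally entity-encodes & and ', so its output differs slightly from the stand-in, but the property that matters (no attribute or tag break-out) is the same.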
WordPress One Click Close Comments Plugin <= 2.7.1 is vulnerable to Sensitive Data Exposure
Software: One Click Close Comments. Type: Plugin. Vulnerable versions: <= 2.7.1. Fixed in: N/A. OWASP Top 10: A3: Sensitive Data Exposure. Classification: Sensitive Data Exposure. CVE: CVE-2024-6546. Patch priority: Low. CVSS severity: Low (5.3). PSID: 20aa54d1deb1. Credits: stealthcopter...
WordPress Better Comments plugin < 1.5.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Nicolo in WordPress plugin Better Comments, versions < 1.5.6...
CVE-2024-2402
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
Denial of Service in Comments API - ownCloud
Insufficient input validation in the Comments Plugin may allow an authenticated attacker to cause a Denial of Service...
WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Friday (Patchstack Alliance) in WordPress plugin WP Social Comments, versions <= 1.7.3...
WordPress Plugin Social Share, Social Login and Social Comments Plugin Security Vulnerability
WordPress and WordPress plugins are products of the WordPress Foundation; WordPress is a blogging platform developed in PHP, and a WordPress plugin is an application plugin that extends blogs running on PHP and MySQL servers. A security vulnerability exists in the WordPress Plugin Social Share, Social Login and...
WordPress Copy Or Move Comments Plugin <= 5.0.4 is vulnerable to SQL Injection
Software: Copy Or Move Comments. Type: Plugin. Vulnerable versions: <= 5.0.4. Fixed in: N/A. OWASP Top 10: A1: Injection. Classification: SQL Injection. CVE: CVE-2023-28748. Patch priority: High. CVSS severity: High (8.5). PSID: c441c723b0a4. Credits: minhtuanact. Required privilege: Subscriber...
WordPress Internal Comments Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software: Internal Comments. Type: Plugin. Vulnerable versions: <= 1.2.4. Fixed in: N/A. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-33999. Patch priority: Medium. CVSS severity: Medium (7.1). PSID: 4ebc42631ae8. Credits: Rafie Muhammad (Patchstack). Requir...
CVE-2023-23733
CVE-2023-23733 concerns the WordPress plugin Lazy Social Comments (aka lazy-facebook-comments) with a stored XSS vulnerability in versions 2.0.4), or apply vendor-provided mitigations. Exploitation status: not observed in provided docs beyond advisory entries; no in-the-wild exploit details are g...
Cross site scripting
Authenticated (Contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin, versions <= 1.6.1...
CVE-2023-23977
CVE-2023-23977 affects the Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments, versioned ≤ 1.6.1. The vulnerability is a Stored Cross-Site Scripting (XSS) that requires authentication (Contributor+). The issue stems from insufficient escaping/validation of sh...
Cross site scripting
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading t...