102 matches found
CVE-2006-10001
CVE-2006-10001 affects the WordPress plugin “Subscribe to Comments” up to version 2.0.7, where an issue in the file subscribe-to-comments.php enables cross-site scripting. The vulnerability can be triggered remotely, with the impact described as causing client-side script execution. A fix is avai...
WordPress plugin Add Comments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
GHSA-69WW-WV3J-MHG4 Comments plugin stored Cross-site Scripting (XSS) via an asset volume name
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
GHSA-4R8C-PJ7X-M5JX Comments plugin Cross-Site Request Forgery (CSRF)
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...
GHSA-JHHF-C849-3RH2 Comments plugin stored Cross-site Scripting via a guest name
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via a guest name...
Comments plugin stored Cross-site Scripting via a guest name
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via a guest name...
Comments plugin stored Cross-site Scripting (XSS) via an asset volume name
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
Comments plugin Cross-Site Request Forgery (CSRF)
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...
CVE-2022-1090
The Good & Bad Comments WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress Plugin Edit Comments SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. WordPress Plugin Edit Comments suffers from a SQL...
WordPress Edit Comments plugin <= 0.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered by Shreya Pohekar in WordPress Edit Comments plugin versions <= 0.3. Solution: This plugin has been closed as of June 2, 2021 and is not available for download. Reason: Security Issue...
Comments wpDiscuz Plugin for WordPress < 7.0.5 Arbitrary File Upload
The WordPress Comments wpDiscuz Plugin installed on the remote host is affected by an arbitrary file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Pixel & Tonic Craft CMS Comments plugin cross-site request forgery vulnerability
Pixel & Tonic Craft CMS is a content management system (CMS) from the U.S. company Pixel & Tonic. The Comments plugin is one of its code comment generation plugins. A cross-site request forgery vulnerability exists in the Pixel & Tonic Craft CMS Comments plugin. An attacker can exploit this...
Pixel & Tonic Craft CMS Comments plugin cross-site scripting vulnerability
Pixel & Tonic Craft CMS is a content management system (CMS) from the U.S. company Pixel & Tonic. The Comments plugin is one of its code comment generation plugins. A cross-site scripting vulnerability exists in the Pixel & Tonic Craft CMS Comments plugin. The vulnerability stems from a lack of proper...
CVE-2020-13869
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name...
CVE-2020-13868
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...
CVE-2020-13870
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
CVE-2020-13868
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...
CVE-2020-13870
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name...
Cross-site request forgery (CSRF)
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity...