2 matches found
CVE-2024-6704 Comments – wpDiscuz <= 7.6.21 - Unauthenticated HTML Injection
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing...
WordPress wpDiscuz Plugin <= 7.6.21 is vulnerable to Content Injection
Software wpDiscuz Type Plugin Vulnerable versions = 7.6.21 Fixed in 7.6.22 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-6704 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 32773981ccf8 Credits Tieu Pham Trong Nhan aptx4869 Required privilege...