3 matches found
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-23702
CVE-2023-23702 is a stored XSS vulnerability in the Pixelgrade Comments Ratings WordPress plugin (versions ≤ 1.1.7) exploitable by users with admin+ privileges. The issue permits injection of malicious scripts via the plugin’s input surface and is rated medium by CVSS (base 4.8–4.9 in sources). P...
CVE-2023-23704
CVE-2023-23704 is a CSRF vulnerability in the WordPress plugin Pixelgrade Comments Ratings affecting versions up to 1.1.6 . The vulnerability is described across sources as Cross-Site Request Forgery with unauthenticated access, enabling CSRF actions on sites using the plugin. Affected product: P...