EUVD-2010-1138

Malware in sbrugna...

CVE-2025-7649

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2025-7649

CVE-2025-7649 affects the WordPress plugin Surbma | Recent Comments Shortcode. The vulnerability is a Stored Cross‑Site Scripting (XSS) via the plugin's recent-comments shortcode in all versions up to and including 2.0. An attacker with at least a contributor‑level account can inject arbitrary sc...

CVE-2025-7649 Surbma | Recent Comments Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin Surbma | Recent Comments Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress Surbma | Recent Comments Shortcode plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin Surbma | Recent Comments Shortcode versions = 2.0...

CVE-2023-23886

Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7...

PT-2024-12007 · WordPress · Wp-Recentcomments

Name of the Vulnerable Software and Affected Versions: WP-RecentComments versions through 2.2.7 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP-RecentComments version...

CVE-2024-7648

The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access...

WordPress plugin Opal Membership 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Automattic: Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url

Summary: Hello team. I have found a place where filtration/encoding for special symbols used in blog/site url is not set which leads to Stored XSS on the user page who posted a comment on malicious blog/site. Platforms Affected: Affected page www.intensedebate.com/extras-widgets block "Recent...

CVE-2012-4483

The commonsdiscussionviewsdefaultviews function in modules/features/commonsdiscussion/commonsdiscussion.viewsdefault.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensiti...

WordPress Recent Comments Plugin <= 2.0.6 - XSS

Because of this vulnerability in the core.php, the attackers can inject arbitrary web script or HTML via the "page" parameter. Solution Update the plugin...

WordPress Recent Comments Plugin <= 2.0.6 - SQL injection

Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "id" parameter. Solution Update the plugin...

Cross site scripting

Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...

CVE-2010-1107

Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...

CVE-2010-1107

The CVE-2010-1107 entry concerns a Cross-site Scripting (XSS) vulnerability in Drupal’s Recent Comments module for versions 5.x (up to 5.x-1.2) and 6.x (up to 6.x-1.0). The underlying issue allows remote authenticated users to inject arbitrary web script or HTML via the “custom block title interf...

SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting

Recent Comments module provides a high-performance, fully themable block of recent comments. This release includes a fix for a cross-site scripting XSS vulnerability in which JavaScript could be inserted in the title of the Recent Comments block via a custom block title interface. This custom tit...