74 matches found
PT-2024-39661 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: The Comments – wpDiscuz plugin for WordPress versions up to, and including, 7.6.24 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticated attacke...
PT-2024-37811 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: The Comments – wpDiscuz plugin for WordPress versions prior to 7.6.22 Description: The issue is related to HTML Injection due to a lack of filtering of HTML tags in comments. This allows unauthenticated attackers to add HTML, such as...
CVE-2023-46310 WordPress wpDiscuz plugin <= 7.6.10 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10...
CVE-2024-2477
The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2477
CVE-2024-2477 affecting wpDiscuz for WordPress: Stored XSS via the image Alt text in image uploads exists in all versions up to 7.6.15 due to insufficient input sanitization/output escaping. The Red Hat advisory and Wordfence note describe the vulnerability as present in wpDiscuz and detail that ...
PT-2024-20547 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin for WordPress versions up to, and including, 7.6.15 Description: The issue is related to Stored Cross-Site Scripting via the Alternative Text field of an uploaded image due to insufficient input sanitization and output escapin...
CVE-2023-51691 WordPress wpDiscuz Plugin <= 7.6.12 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12...
CVE-2023-46311 WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...
wpDiscuz < 7.6.12 - Cross-Site Request Forgery
Description The wpDiscuz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to dismiss admin notices via a...
CVE-2023-47775
Cross-Site Request Forgery CSRF vulnerability in gVectors Team Comments — wpDiscuz plugin = 7.6.11 versions...
CVE-2023-47775
Cross-Site Request Forgery CSRF vulnerability in gVectors Team Comments — wpDiscuz plugin = 7.6.11 versions...
CVE-2023-47775
CVE-2023-47775 : Cross-Site Request Forgery in the WordPress plugin wpDiscuz (gVectors Team Comments) affects versions
PT-2023-30601 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin versions prior to 7.6.11 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web applicati...
CVE-2023-47185
Unauth. Stored Cross-Site Scripting XSS vulnerability in gVectors Team Comments — wpDiscuz plugin = 7.6.11 versions...
PT-2023-30351 · WordPress · Wpdiscuz
Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin versions 7.6.11 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which can the...
WordPress wpDiscuz Plugin <= 7.6.10 is vulnerable to Broken Access Control
Software wpDiscuz Type Plugin Vulnerable versions = 7.6.10 Fixed in 7.6.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46309 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7f530fb70f0e Credits Revan Arifio Required privilege...
CVE-2023-3869
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...
CVE-2023-3998
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...
CVE-2023-3869
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...
CVE-2023-3998 wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...