Lucene search
K

74 matches found

Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.6 views

PT-2024-39661 · WordPress · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: The Comments – wpDiscuz plugin for WordPress versions up to, and including, 7.6.24 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticated attacke...

9.8CVSS7.2AI score0.0081EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/08/02 12:0 a.m.5 views

PT-2024-37811 · WordPress · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: The Comments – wpDiscuz plugin for WordPress versions prior to 7.6.22 Description: The issue is related to HTML Injection due to a lack of filtering of HTML tags in comments. This allows unauthenticated attackers to add HTML, such as...

6.1CVSS5.3AI score0.00596EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/06/04 9:19 a.m.14 views

CVE-2023-46310 WordPress wpDiscuz plugin <= 7.6.10 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10...

5.3CVSS6.9AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2024/04/23 2:15 p.m.5 views

CVE-2024-2477

The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/04/23 1:50 p.m.92 views

CVE-2024-2477

CVE-2024-2477 affecting wpDiscuz for WordPress: Stored XSS via the image Alt text in image uploads exists in all versions up to 7.6.15 due to insufficient input sanitization/output escaping. The Red Hat advisory and Wordfence note describe the vulnerability as present in wpDiscuz and detail that ...

6.4CVSS5.7AI score0.0034EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/23 12:0 a.m.7 views

PT-2024-20547 · WordPress · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin for WordPress versions up to, and including, 7.6.15 Description: The issue is related to Stored Cross-Site Scripting via the Alternative Text field of an uploaded image due to insufficient input sanitization and output escapin...

6.4CVSS5.6AI score0.0034EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/02/01 10:57 a.m.19 views

CVE-2023-51691 WordPress wpDiscuz Plugin <= 7.6.12 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12...

5.9CVSS6.7AI score0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/20 1:32 p.m.9 views

CVE-2023-46311 WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3...

2.7CVSS7.1AI score0.00527EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.21 views

wpDiscuz < 7.6.12 - Cross-Site Request Forgery

Description The wpDiscuz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to dismiss admin notices via a...

8.8CVSS6.4AI score0.00261EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/22 7:15 p.m.3 views

CVE-2023-47775

Cross-Site Request Forgery CSRF vulnerability in gVectors Team Comments — wpDiscuz plugin = 7.6.11 versions...

8.8CVSS7.3AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 7:15 p.m.17 views

CVE-2023-47775

Cross-Site Request Forgery CSRF vulnerability in gVectors Team Comments — wpDiscuz plugin = 7.6.11 versions...

8.8CVSS0.00261EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 6:23 p.m.81 views

CVE-2023-47775

CVE-2023-47775 : Cross-Site Request Forgery in the WordPress plugin wpDiscuz (gVectors Team Comments) affects versions

8.8CVSS6.5AI score0.00261EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/22 12:0 a.m.5 views

PT-2023-30601 · WordPress · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin versions prior to 7.6.11 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web applicati...

8.8CVSS8.8AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2023/11/06 11:15 a.m.2 views

CVE-2023-47185

Unauth. Stored Cross-Site Scripting XSS vulnerability in gVectors Team Comments — wpDiscuz plugin = 7.6.11 versions...

6.1CVSS7.3AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.5 views

PT-2023-30351 · WordPress · Wpdiscuz

Name of the Vulnerable Software and Affected Versions: wpDiscuz plugin versions 7.6.11 and earlier Description: The issue is related to an Unauth. Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which can the...

6.1CVSS5.9AI score0.0037EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/10/22 12:0 a.m.16 views

WordPress wpDiscuz Plugin <= 7.6.10 is vulnerable to Broken Access Control

Software wpDiscuz Type Plugin Vulnerable versions = 7.6.10 Fixed in 7.6.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46309 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7f530fb70f0e Credits Revan Arifio Required privilege...

6.7AI score0.00347EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/20 8:15 a.m.4 views

CVE-2023-3869

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...

5.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2023/10/20 8:15 a.m.3 views

CVE-2023-3998

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.13 views

CVE-2023-3869

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...

5.3CVSS5.2AI score0.00401EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.9 views

CVE-2023-3998 wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease

The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...

5.3CVSS6.6AI score0.00401EPSS
Exploits0References2
Rows per page
Query Builder