addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
7.9AI Score
0.02EPSS
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
6.9AI Score
0.009EPSS