Vulnerabilities (CVE)

Filtered by vendor Bologer
Filtered by product Anycomment
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24838 1 Bologer 1 Anycomment 2022-07-21 5.8 MEDIUM 6.1 MEDIUM
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature.
CVE-2022-0279 1 Bologer 1 Anycomment 2022-02-28 3.5 LOW 3.1 LOW
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users.
CVE-2022-0134 1 Bologer 1 Anycomment 2022-02-28 6.8 MEDIUM 8.8 HIGH
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
CVE-2018-21001 1 Bologer 1 Anycomment 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The anycomment plugin before 0.0.33 for WordPress has XSS.