CVE-2024-6704
published 2024-08-02

Priority: P4, 30
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.55% (41.8th percentile)
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.

Affected

2 ranges
Vendor          Product            Version range  Fixed in
advancedcoding  comments_wpdiscuz  <= 7.6.21
gvectors        wpdiscuz           < 7.6.22       7.6.22