Appjetty Show All Comments vulnerabilities
2 known vulnerabilities affecting appjetty/show_all_comments.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-4295P4MEDIUMCVSS 6.1PoCfixed in 7.0.12023-01-16
CVE-2022-4295 [MEDIUM] CWE-79 CVE-2022-4295: The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before
The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
nvd
CVE-2025-47607P4MEDIUMCVSS 5.9≤ 7.0.12025-05-07
CVE-2025-47607 [MEDIUM] CWE-79 CVE-2025-47607: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AppJetty Show All Comments show-all-comments-in-one-page allows Stored XSS.This issue affects Show All Comments: from n/a through <= 7.0.1.
nvd