Gvectors Team Comments Wpdiscuz vulnerabilities
6 known vulnerabilities affecting gvectors_team/comments_wpdiscuz.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-43492P3HIGHCVSS 8.8v7.4.22022-11-18
CVE-2022-43492 [HIGH] CWE-639 CVE-2022-43492: Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz pl
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.
nvd
CVE-2022-23984P3HIGHCVSS 7.5≤ 7.3.112022-02-21
CVE-2022-23984 [HIGH] CWE-200 CVE-2022-23984: Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
nvd
CVE-2023-47775P3HIGHCVSS 8.8≥ n/a, ≤ 7.6.112023-11-22
CVE-2023-47775 [HIGH] CWE-352 CVE-2023-47775: Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.1
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
nvd
CVE-2023-46311P4MEDIUMCVSS 6.5≥ n/a, ≤ 7.6.32023-12-20
CVE-2023-46311 [MEDIUM] CWE-639 CVE-2023-46311: Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz.This issue affects Comments – wpDiscuz: from n/a through 7.6.3.
nvd
CVE-2023-47185P4MEDIUMCVSS 6.1≥ n/a, ≤ 7.6.112023-11-06
CVE-2023-47185 [MEDIUM] CWE-79 CVE-2023-47185: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments — wpDiscuz plugin <= 7.6.11 versions.
nvd
CVE-2023-51691P4MEDIUMCVSS 4.8≥ n/a, ≤ 7.6.122024-02-01
CVE-2023-51691 [MEDIUM] CWE-79 CVE-2023-51691: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.
nvd