Unknown Anycomment vulnerabilities
3 known vulnerabilities affecting unknown/anycomment.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2022-0134 | HIGH | CVSS 8.8 | CWE-352 | ≥ 0.2.18, < 0.2.18 | 2022-02-21
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make a logged-in admin perform such actions via a CSRF attack.
cvelistv5, nvd
CVE-2022-0279 | LOW | CVSS 3.1 | CWE-362 | ≥ 0.2.18, < 0.2.18 | 2022-02-21
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users.
cvelistv5, nvd
CVE-2021-24838 | MEDIUM | CVSS 6.1 | PoC | CWE-601 | ≥ 0.3.5, < 0.3.5 | 2022-01-17
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which, according to the vendor, is a feature.
cvelistv5, nvd