| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-5295 | Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | vivacityinfotechjaipur | Comments by Startbit | Medium | 6.4 | 2023-09-30 02:33:29 | Deep Dive |
| CVE-2023-3244 | Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset | happy-coders | Comments Like Dislike | Medium | 4.3 | 2023-08-17 06:43:43 | Deep Dive |
| CVE-2021-4427 | Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery Bypass | vuukle | Vuukle Comments, Reactions, Share Bar, Revenue | Medium | 4.3 | 2023-07-12 07:21:52 | Deep Dive |
| CVE-2023-23704 | WordPress Comments Ratings Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) | Pixelgrade | Comments Ratings | Medium | 4.3 | 2023-07-11 07:35:05 | Deep Dive |
| CVE-2023-30956 | IDOR in Foundry Comments allows retrieval of attachments | Palantir | com.palantir.comments:comments | Medium | 5.3 | 2023-07-10 21:07:31 | Deep Dive |
| CVE-2023-2779 | Super Socializer < 7.13.52 - Reflected XSS | Unknown | Social Share, Social Login and Social Comments Plugin | Medium | - | 2023-06-19 10:52:40 | Deep Dive |
| CVE-2016-15033 | Delete All Comments <= 2.0 - Arbitrary File Upload | Ganesh Chandra | Delete All Comments | Critical | 9.8 | 2023-06-07 01:51:39 | Deep Dive |
| CVE-2023-30948 | Retrieval of Attachments to Comments lacks Authorization | Palantir | com.palantir.comments:comments | Medium | 6.5 | 2023-06-06 14:12:59 | Deep Dive |
| CVE-2023-2489 | Stop Spammers Security < 2023 - Admin+ Stored XSS | Unknown | Stop Spammers Security \| Block Spam Users, Comments, Forms | Medium | - | 2023-06-05 13:38:59 | Deep Dive |
| CVE-2023-2488 | Stop Spammers Security < 2023 - Reflected XSS | Unknown | Stop Spammers Security \| Block Spam Users, Comments, Forms | Medium | - | 2023-06-05 13:38:59 | Deep Dive |
| CVE-2023-33216 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) | gVectors Team | WooDiscuz – WooCommerce Comments | Medium | 5.9 | 2023-05-28 16:58:52 | Deep Dive |
| CVE-2023-23733 | WordPress Lazy Social Comments Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS) | Joel James | Lazy Social Comments | Medium | 5.9 | 2023-05-09 10:35:14 | Deep Dive |
| CVE-2023-23977 | WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) | Team Heateor | WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments | Medium | 6.5 | 2023-04-04 12:56:36 | Deep Dive |
| CVE-2023-23670 | WordPress Fancy Comments WordPress Plugin <= 1.2.10 is vulnerable to Cross Site Scripting (XSS) | Team Heateor | Fancy Comments WordPress | Medium | 6.5 | 2023-03-30 10:44:53 | Deep Dive |
| CVE-2006-10001 | Subscribe to Comments Plugin subscribe-to-comments.php cross site scripting | - | Subscribe to Comments Plugin | Low | 3.5 | 2023-03-05 20:31:03 | Deep Dive |
| CVE-2022-4295 | Show All Comments < 7.0.1 - Reflected XSS | Unknown | Show All Comments | Medium | - | 2023-01-16 15:38:10 | Deep Dive |
| CVE-2022-4484 | Super Socializer < 7.13.44 - Contributor+ Stored XSS | Unknown | Social Share, Social Login and Social Comments Plugin | Medium | - | 2023-01-16 15:38:08 | Deep Dive |
| CVE-2022-4120 | Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection | Unknown | Stop Spammers Security \| Block Spam Users, Comments, Forms | Critical | - | 2022-12-26 12:28:20 | Deep Dive |
| CVE-2022-3909 | Add Comments <= 1.0.1 - Admin+ Stored XSS | Unknown | Add Comments | Medium | - | 2022-12-05 16:50:30 | Deep Dive |
| CVE-2022-43492 | WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability | gVectors Team | Comments – wpDiscuz (WordPress plugin) | Medium | 4.3 | 2022-11-18 22:08:14 | Deep Dive |