VYPR

Comments – wpDiscuz

by WordPress

CVEs (2)

  • CVE-2023-51691MedFeb 1, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team Comments – wpDiscuz allows Stored XSS.This issue affects Comments – wpDiscuz: from n/a through 7.6.12.

  • CVE-2021-24737MedOct 11, 2021
    risk 0.31cvss 4.8epss 0.01

    The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…