VYPR

Anycomment

by WordPress

Source repositories

CVEs (8)

  • CVE-2025-48091HigOct 22, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through <= 0.3.6.

  • CVE-2025-60240HigNov 6, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through <= 0.3.6.

  • CVE-2025-62874MedDec 31, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through <= 0.3.6.

  • CVE-2025-67025Jan 15, 2026
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section

  • CVE-2022-0279Feb 21, 2022
    risk 0.00cvss epss 0.00

    The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users

  • CVE-2022-0134Feb 21, 2022
    risk 0.00cvss epss 0.01

    The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack

  • CVE-2021-24838Jan 17, 2022
    risk 0.00cvss epss 0.02

    The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.

  • CVE-2018-21001Aug 27, 2019
    risk 0.00cvss epss 0.01

    The anycomment plugin before 0.0.33 for WordPress has XSS.