Anycomment
by WordPress
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48091 | | High | 0.55 | 8.5 | 0.00 | | Oct 22, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection. This issue affects AnyComment: from n/a through <= 0.3.6. |
| CVE-2025-60240 | | High | 0.49 | 7.5 | 0.00 | | Nov 6, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion. This issue affects AnyComment: from n/a through <= 0.3.6. |
| CVE-2025-62874 | | Med | 0.28 | 4.3 | 0.00 | | Dec 31, 2025 | Missing Authorization vulnerability in Alexander AnyComment anycomment allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyComment: from n/a through <= 0.3.6. |
| CVE-2025-67025 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section |
| CVE-2022-0279 | | | 0.00 | — | 0.00 | | Feb 21, 2022 | The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users |
| CVE-2022-0134 | | | 0.00 | — | 0.01 | | Feb 21, 2022 | The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack |
| CVE-2021-24838 | | | 0.00 | — | 0.02 | | Jan 17, 2022 | The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature. |
| CVE-2018-21001 | | | 0.00 | — | 0.01 | | Aug 27, 2019 | The anycomment plugin before 0.0.33 for WordPress has XSS. |