Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by bologer
CVE-2022-0279 (GCVE-0-2022-0279)
Vulnerability from nvd – Published: 2022-02-21 10:46 – Updated: 2024-08-02 23:25
VLAI
Title
AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition
Summary
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users
Severity
No CVSS data available.
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/43a4b2d3-1bd5-49… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AnyComment |
Affected:
0.2.18 , < 0.2.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AnyComment",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.18",
"status": "affected",
"version": "0.2.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:46:12.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AnyComment \u003c 0.2.18 - Comment Rating Increase/Decrease via Race Condition",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0279",
"STATE": "PUBLIC",
"TITLE": "AnyComment \u003c 0.2.18 - Comment Rating Increase/Decrease via Race Condition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyComment",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.18",
"version_value": "0.2.18"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0279",
"datePublished": "2022-02-21T10:46:12.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0134 (GCVE-0-2022-0134)
Vulnerability from nvd – Published: 2022-02-21 10:45 – Updated: 2024-08-02 23:18
VLAI
Title
AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF
Summary
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/fa09ea9b-d5a0-47… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AnyComment |
Affected:
0.2.18 , < 0.2.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AnyComment",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.18",
"status": "affected",
"version": "0.2.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:45:58.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AnyComment \u003c 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0134",
"STATE": "PUBLIC",
"TITLE": "AnyComment \u003c 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyComment",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.18",
"version_value": "0.2.18"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0134",
"datePublished": "2022-02-21T10:45:59.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24838 (GCVE-0-2021-24838)
Vulnerability from nvd – Published: 2022-01-17 13:00 – Updated: 2024-08-03 19:42
VLAI
Title
AnyComment < 0.3.5 - Open Redirect
Summary
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
Severity
No CVSS data available.
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/562e81ad-7422-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AnyComment |
Affected:
0.3.5 , < 0.3.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AnyComment",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.3.5",
"status": "affected",
"version": "0.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T16:50:26.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AnyComment \u003c 0.3.5 - Open Redirect",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24838",
"STATE": "PUBLIC",
"TITLE": "AnyComment \u003c 0.3.5 - Open Redirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyComment",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.3.5",
"version_value": "0.3.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24838",
"datePublished": "2022-01-17T13:00:27.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-21001 (GCVE-0-2018-21001)
Vulnerability from nvd – Published: 2019-08-27 11:18 – Updated: 2024-08-05 12:19
VLAI
Summary
The anycomment plugin before 0.0.33 for WordPress has XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/anycomment/#developers | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/anycomment/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The anycomment plugin before 0.0.33 for WordPress has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T11:18:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/anycomment/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The anycomment plugin before 0.0.33 for WordPress has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/anycomment/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/anycomment/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21001",
"datePublished": "2019-08-27T11:18:05.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:19:27.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0279 (GCVE-0-2022-0279)
Vulnerability from cvelistv5 – Published: 2022-02-21 10:46 – Updated: 2024-08-02 23:25
VLAI
Title
AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition
Summary
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users
Severity
No CVSS data available.
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/43a4b2d3-1bd5-49… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AnyComment |
Affected:
0.2.18 , < 0.2.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AnyComment",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.18",
"status": "affected",
"version": "0.2.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:46:12.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AnyComment \u003c 0.2.18 - Comment Rating Increase/Decrease via Race Condition",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0279",
"STATE": "PUBLIC",
"TITLE": "AnyComment \u003c 0.2.18 - Comment Rating Increase/Decrease via Race Condition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyComment",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.18",
"version_value": "0.2.18"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43a4b2d3-1bd5-490c-982c-bb7120595865"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0279",
"datePublished": "2022-02-21T10:46:12.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0134 (GCVE-0-2022-0134)
Vulnerability from cvelistv5 – Published: 2022-02-21 10:45 – Updated: 2024-08-02 23:18
VLAI
Title
AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF
Summary
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/fa09ea9b-d5a0-47… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AnyComment |
Affected:
0.2.18 , < 0.2.18
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AnyComment",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.2.18",
"status": "affected",
"version": "0.2.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:45:58.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AnyComment \u003c 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0134",
"STATE": "PUBLIC",
"TITLE": "AnyComment \u003c 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyComment",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.2.18",
"version_value": "0.2.18"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0134",
"datePublished": "2022-02-21T10:45:59.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24838 (GCVE-0-2021-24838)
Vulnerability from cvelistv5 – Published: 2022-01-17 13:00 – Updated: 2024-08-03 19:42
VLAI
Title
AnyComment < 0.3.5 - Open Redirect
Summary
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
Severity
No CVSS data available.
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/562e81ad-7422-44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | AnyComment |
Affected:
0.3.5 , < 0.3.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AnyComment",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.3.5",
"status": "affected",
"version": "0.3.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brandon Roldan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-09T16:50:26.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AnyComment \u003c 0.3.5 - Open Redirect",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24838",
"STATE": "PUBLIC",
"TITLE": "AnyComment \u003c 0.3.5 - Open Redirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AnyComment",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "0.3.5",
"version_value": "0.3.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Brandon Roldan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24838",
"datePublished": "2022-01-17T13:00:27.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:42:17.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-21001 (GCVE-0-2018-21001)
Vulnerability from cvelistv5 – Published: 2019-08-27 11:18 – Updated: 2024-08-05 12:19
VLAI
Summary
The anycomment plugin before 0.0.33 for WordPress has XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/anycomment/#developers | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:19:27.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/anycomment/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The anycomment plugin before 0.0.33 for WordPress has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-27T11:18:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/anycomment/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The anycomment plugin before 0.0.33 for WordPress has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/anycomment/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/anycomment/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21001",
"datePublished": "2019-08-27T11:18:05.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:19:27.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}