cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9488,https://securityvulnerability.io/vulnerability/CVE-2024-9488,Authenticated Logins Are Now a Thing of the Past,"The wpDiscuz plugin for WordPress has a vulnerability that allows attackers to bypass authentication mechanisms. This issue arises from inadequate verification of the user linked to the social login token, affecting versions up to and including 7.6.24. As a result, unauthenticated attackers could gain login privileges as any existing user, including administrators, provided they know the email associated with the targeted account and that no corresponding user account exists for the service that returns the social login token. This flaw significantly increases the risk of unauthorized access and potential exploitation of user privileges on WordPress sites.",Wordpress,Comments – WPdiscuz,9.8,CRITICAL,0.0006300000241026282,false,,false,false,false,,false,false,2024-10-25T05:35:29.077Z,0
CVE-2024-2477,https://securityvulnerability.io/vulnerability/CVE-2024-2477,Stored Cross-Site Scripting Vulnerability in wpDiscuz Plugin,"The wpDiscuz plugin for WordPress has a vulnerability that allows for Stored Cross-Site Scripting through the 'Alternative Text' field of uploaded images. This issue arises due to inadequate input sanitization and output escaping, enabling authenticated users with author-level access or higher to inject arbitrary scripts. When a user accesses a page containing these injected scripts, the malicious web code will execute, potentially compromising the security of the site and its users.",Wordpress,Comments – WPdiscuz,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-23T13:50:40.649Z,0
CVE-2023-3869,https://securityvulnerability.io/vulnerability/CVE-2023-3869,Unauthorized Data Modification in wpDiscuz Plugin for WordPress,"The wpDiscuz plugin for WordPress has a security issue that allows unauthorized modification of comment ratings. Due to a missing authorization check in the voteOnComment function, this vulnerability can be exploited by unauthenticated users to unjustly alter the ratings of comments. This can lead to misleading information and user manipulation, affecting the overall integrity of the commenting system.",Wordpress,Comments – wpDiscuz,5.3,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-3998,https://securityvulnerability.io/vulnerability/CVE-2023-3998,Unauthorized Data Modification in wpDiscuz Plugin for WordPress,"The wpDiscuz plugin for WordPress contains a vulnerability that allows unauthorized users to manipulate post ratings due to a lack of proper authorization checks in the userRate function. This weakness affects all versions up to and including 7.6.3, enabling malicious actors to either increase or decrease post ratings without authentication, which can lead to misleading user-generated content and compromise the integrity of the platform.",Wordpress,Comments – wpDiscuz,5.3,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2022-43492,https://securityvulnerability.io/vulnerability/CVE-2022-43492,WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability,Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.,Wordpress,Comments – WPdiscuz (WordPress Plugin),4.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,false,false,2022-11-18T23:15:00.000Z,0
CVE-2022-23984,https://securityvulnerability.io/vulnerability/CVE-2022-23984,WordPress wpDiscuz plugin <= 7.3.11 - Sensitive Information Disclosure,Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).,Wordpress,Comments – WPdiscuz (WordPress Plugin),3.7,LOW,0.0014900000533089042,false,,false,false,false,,false,false,2022-02-21T18:15:00.000Z,0
CVE-2021-24806,https://securityvulnerability.io/vulnerability/CVE-2021-24806,wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF,"The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.",Wordpress,Comments – WPdiscuz,4.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2021-11-08T17:35:24.000Z,0
CVE-2021-24737,https://securityvulnerability.io/vulnerability/CVE-2021-24737,Comments - wpDiscuz <= 7.3.0 - Admin+ Stored Cross-Site Scripting,"The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.",Wordpress,Comments – WPdiscuz,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-11T10:45:51.000Z,0